TikTok is hit with $368 million fine under Europe’s strict data privacy rules

LONDON (AP) — European regulators slapped TikTok with a $368 million fine on Friday for failing to protect children’s privacy, the first time that the popular short video-sharing app has been punished for breaching Europe’s strict data privacy rules.

Ireland’s Data Protection Commission, the lead privacy regulator for Big Tech companies whose European headquarters are largely in Dublin, said it was fining TikTok 345 million euros and reprimanding the platform for the violations dating to the second half of 2020.

The investigation found that the sign-up process for teen users resulted in settings that made their accounts public by default, allowing anyone to view and comment on their videos. Those default settings also posed a risk to children under 13 who gained access to the platform even though they’re not allowed.

Also, a “family pairing” feature designed for parents to manage settings wasn’t strict enough, allowing adults to turn on direct messaging for users aged 16 and 17 without their consent. And it nudged teen users into more “privacy intrusive” options when signing up and posting videos, the watchdog said.

Other news
FILE - The FBI seal is pictured in Omaha, Neb., Aug. 10, 2022. A sharply divided privacy oversight board is recommending that the FBI and other agencies be required to get court approval before reviewing the communications of U.S. citizens collected through a secretive foreign surveillance program. (AP Photo/Charlie Neibergall, File)A key US government surveillance tool should face new limits, a divided privacy oversight board saysFILE - The lights of the state Capitol glow into the night in Sacramento, Calif., Wednesday, Aug. 31, 2022. California, which already has some of the strongest digital privacy laws in the U.S., is on the verge of handing consumers a major new tool to combat the sale and secret use of personal information they may never have agreed to share. Both houses of the state legislature have passed the Delete Act, which would establish a “one stop shop” where individuals could order hundreds of often shadowy data brokers to delete information such as their location history and financial details.(AP Photo/Rich Pedroncelli, File)Imagine making shadowy data brokers erase your personal info. Californians may soon live the dreamElon Musk, CEO of X, the company formerly known as Twitter, laughs while speaking to the media after attending a closed-door gathering of leading tech CEOs to discuss the priorities and risks surrounding artificial intelligence and how it should be regulated, on Capitol Hill in Washington, Wednesday, Sept. 13, 2023. (AP Photo/Jacquelyn Martin)Tech industry leaders endorse regulating artificial intelligence at rare summit in Washington

TikTok said in a statement that it disagrees with the decision, “particularly the level of the fine imposed.”

The company pointed out that the regulator’s criticisms focused on features and settings dating back three years. TikTok said it had made changes well before the investigation began in September 2021, including making all accounts for teens under 16 private by default and disabling direct messaging for 13- to 15-year-olds.

“Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began,” TikTok’s head of privacy for Europe, Elaine Fox, wrote in a blog post.

The Irish regulator has been criticized for not moving fast enough in its investigations into Big Tech companies since EU privacy laws took effect in 2018. For TikTok, German and Italian regulators disagreed with parts of a draft decision issued a year ago, delaying it further.

To avoid new bottlenecks, the Brussels headquarters of the 27-nation bloc has been given the job of enforcing new regulations to foster digital competition and clean up social media content — rules aimed at maintaining its position as a global leader in tech regulation.

In response to initial German objections, Europe’s top panel of data regulators said TikTok nudged teen users with pop-up notices that failed to lay out their choices in a neutral and objective way.

“Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner — particularly if that presentation can nudge people into making decisions that violate their privacy interests,” said Anu Talus, chair of the European Data Protection Board.

The Irish watchdog, meanwhile, also had examined TikTok’s measures to verify whether users are at least 13 but found they didn’t break any rules.

The regulator is still carrying out a second investigation into whether TikTok complied with the EU’s General Data Protection Regulation when it transferred users’ personal information to China, where its owner, ByteDance, is based.

TikTok has faced accusations it poses a security risk over fears that users’ sensitive information could end up in China. It has embarked on a project to localize European user data to address those concerns: opening a data center in Dublin this month, which will be the first of three on the continent.

Data privacy regulators in Britain, which left the EU in January 2020, fined TikTok 12.7 million pounds ($15.7 million) in April for misusing children’s data and violating other protections for young users’ personal information.

Instagram, WhatsApp and their owner Meta are among other tech giants that have been hit with big fines by the Irish regulator over the past year.

About The Author

Must Read

Scroll to Top