TikTok Slapped with $370 Million Fine for Violating Privacy Laws
TikTok fined over $370 million for children’s data privacy violations in Europe.
Union for violating privacy laws concerning the handling of children’s personal data. This marks the first time TikTok, owned by ByteDance, has faced such sanctions from the EU.
The breaches occurred between July 31, 2020, and December 31, 2020, according to Ireland’s Data Protection Commissioner (DPC), which serves as the lead regulator in the EU for many major tech companies. During this period, TikTok ran afoul of several EU privacy laws.
One of the key issues highlighted by the DPC was that in 2020, TikTok set the default privacy setting for user accounts under the age of 16 to “public.” Furthermore, the platform did not adequately verify whether individuals linking their accounts through the “family pairing” feature were, in fact, parents or guardians of underage users.
TikTok did make some changes in response to these concerns, implementing tougher parental controls for family pairing in November 2020 and switching the default setting for users under 16 to “private” in January 2021. The company also plans to make privacy settings clearer and will pre-select “private” accounts for new users aged 16-17 registering later this month.
TikTok expressed its disagreement with the DPC’s decision, especially the size of the fine, and noted that many of the issues raised had been addressed through measures introduced prior to the DPC’s investigation, which began in September 2021.
The DPC has given TikTok a three-month deadline to bring all of its data processing practices into compliance with EU regulations. Additionally, the DPC is conducting a separate investigation into TikTok’s transfer of personal data to China and whether it adheres to EU data laws when sending data to countries outside the EU.
Under the EU’s General Data Protection Regulation (GDPR) introduced in 2018, the lead regulator for a company can impose fines of up to 4% of the company’s global revenue. The DPC has previously levied substantial fines on other tech giants, including a combined 2.5 billion euros imposed on Meta.
The TikTok fined over $370 million for children’s data privacy is expected to be a major issue to hit social media sites in recent time
As of the end of 2022, the DPC had 22 inquiries open into multinational companies headquartered in Ireland.
What’s next: The DPC ordered TikTok to bring the rules to compliance within three months.
- “We’ll continue to further strengthen protections for teenagers on TikTok,” the app said.
Flashback: In 2019, TikTok agreed to a $5.7 million settlement for violating the U.S.’s Children’s Online Privacy Protection Act (COPPA) — the record largest fine at the time in the law’s 20+ year history.
- COPPA fines have been more common in recent years. Some tech firms have started to ban ads targeting users under 18 to avoid these penalties.
- Last year, Epic Games, the maker of the Fortnight video game, was fined $520 million to settle allegations of privacy violations and unwanted charges. Of that, $275 million was for violating the COPPA rule.
- In 2019, Google agreed to pay a $150-200 million fine for violating children’s privacy laws on YouTube.