Today, the Irish Data Protection Commission (DPC) fined TikTok €345 million (approximately $367 million) for children’s data. The penalty is the result of an investigation by the DPC in 2021 examining TikTok’s compliance with European General Data Protection Regulation (GDPR) rules. In August, Politico reported that the DPC had issued fines.
The investigation focused on various aspects of TikTok, including account setup, “family matches” and the age verification process. After consulting with the European Data Protection Board, the DPC decided that TikTok will automatically make children’s accounts public when children register on the platform.
This means kids’ videos are public by default, and features like comments, duets, and Stitch are enabled by default.
TikTok’s “Family Matching” Feature and Data Protection
TikTok’s “Family Matching” feature, introduced in 2020, is designed to help link children’s accounts to separate adults. In theory, this feature is designed to make it easier to manage app settings, including screen time and limiting direct messages and inappropriate content.
However, the Data Protection Commission (DPC) has found that children’s TikTok accounts may be linked to information not approved by a parent or guardian. Once connected, adults can clear the child’s profile settings, including allowing direct messages.
One of the controversial issues is whether TikTok is doing enough to prevent children under the age of 13 from falling below the minimum age limit, accessing the platform and verifying their age.
While the decision concluded that TikTok’s age verification system did not violate the GDPR, it was determined that the company did not protect the privacy of minors and was able to generate money for more than 13 years.
In 2021 TikTok, implemented privacy restrictions for the accounts of users between the ages of 13 and 15, giving them a higher level of privacy throughout their lives. TikTok was given three months to bring its apps into compliance with these regulations.
The Data Protection Commission (DPC) had previously fined another social media platform for similar offenses involving young users. In 2022, for example, Meta was fined more than $400 million for allowing young Instagram users to create business profiles that made their contact information and other details public.
Conclusion
Concerns over GDPR compliance were highlighted when the Irish Data Protection Commission (DPC) fined TikTok €345 million for its improper handling of children’s data.
The investigation uncovered issues with presets, “family matching” and age verification, raising questions about TikTok’s commitment to protecting users’ privacy. Although the measures were taken in 2021, concerns continue.
