European regulators have imposed a substantial fine of $368 million on TikTok for its failure to safeguard children’s privacy. This marks the first instance of the widely used short video-sharing app facing consequences for violating Europe’s stringent data privacy regulations.
The Data Protection Commission of Ireland, which serves as the primary privacy overseer for major tech companies with their European bases predominantly in Dublin, announced a fine of 345 million euros against TikTok and issued a reprimand for its privacy infringements that occurred during the latter half of 2020.
The investigation revealed that the registration process for teenage users resulted in default settings that made their accounts public, permitting anyone to view and comment on their videos. These default settings also posed a risk to children under the age of 13 who accessed the platform, even though it’s prohibited for them.
Additionally, a feature known as “family pairing,” designed to allow parents to manage settings, was found to be insufficiently strict, enabling adults to enable direct messaging for users aged 16 and 17 without their consent. It also guided teenage users into more privacy-invasive options during sign-up and video posting, according to the regulatory authority.
TikTok responded to the decision by stating its disagreement, particularly with the magnitude of the imposed fine. The company highlighted that most of the criticisms from the regulator focused on features and settings from three years ago. TikTok noted that it had already implemented changes well before the investigation commenced in September 2021, such as setting all accounts for users under 16 to private by default and disabling direct messaging for 13- to 15-year-olds.
Elaine Fox, TikTok’s head of privacy for Europe, emphasized in a blog post that many of the criticisms in the decision were no longer applicable due to measures taken by the company at the beginning of 2021, several months before the investigation began.
The Irish regulatory authority has faced criticism for the perceived sluggishness of its investigations into major tech firms since the implementation of EU privacy laws in 2018. In the case of TikTok, German and Italian regulators had disagreements with aspects of a preliminary decision issued a year ago, further delaying the process.
To address potential bottlenecks, the European Union’s headquarters in Brussels has assumed the responsibility of enforcing new regulations aimed at promoting digital competition and enhancing the oversight of social media content. These rules are designed to maintain the EU’s role as a global leader in tech regulation.
In response to initial objections from German authorities, Europe’s top panel of data regulators noted that TikTok used pop-up notices to guide teenage users but failed to present their choices in a neutral and objective manner.