Receive free TikTok Inc updates
We’ll send you a myFT Daily Digest email rounding up the latest TikTok Inc news every morning.
TikTok has been hit with a €345mn EU fine over the way it processed the personal data of children and teenaged users, the first handed out by the bloc to the Chinese-owned social media platform.
Ireland’s Data Protection Commission, the regulator responsible for holding TikTok Technology to EU data protection law, announced the fine on Friday after an investigation that began in September 2021.
The DPC’s probe found TikTok had infringed EU data protection rules by setting the profiles of children aged 13-17 to default to a public setting, meaning anyone on or off TikTok could view their content and contact them.
TikTok, which set up an office in Ireland in 2020 and this month opened a long-planned site in Dublin to store EU citizens’ data, was investigated by the DPC over its compliance during the period July 31 2020 to December 31 2020.
The fine was the latest against social media platforms for lax privacy protections and came as the DPC was finalising an investigation into TikTok over data transfers to China.
Meta, the owner of Facebook, this year was handed a record €1.2bn fine and ordered to suspend transfers of user data to the US. Meta’s Instagram app was fined €405mn by the DPC in September 2022 for failing to safeguard children’s data.
The European Consumer Organisation alerted authorities after an investigation that “TikTok was responsible for multiple breaches of the EU’s consumer and data protection rules”.
“We now hope this decision triggers change at the company to address issues which not only concern minors, but also adults,” said Ursula Pachl, the consumer group’s deputy director-general.
TikTok, which has 134mn monthly EU users, failed to provide child users with enough transparency over what was happening to their data and nudged them towards more privacy-intrusive options, said Dublin-based DPC. TikTok does not say how many of its users are children.
In addition, under a family pairing setting, it could not be verified that the adult paired with a child’s account was the parent or guardian and that adult was able to allow over-16s to access direct messaging features, the DPC said.
The social media app, which is owned by Beijing-based ByteDance, said it had changed its policy on most of the issues covered well before the investigation began and had not yet decided whether to appeal.
“We respectfully disagree with the decision, particularly the level of the fine imposed,” said TikTok.
“The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under-16 accounts to private by default,” it added.
In a statement, TikTok’s head of privacy for Europe Elaine Fox said the platform would “continue to strengthen protections for teenagers”.
The DPC was ordered by the European Data Protection Board, the independent umbrella authority for the sector, to toughen the initial decision it had reached last year, following objections raised by the Italian and German data protection bodies. But the level of fine remained unchanged.
TikTok has three months to comply with the ruling.
The DPC expected to share its draft findings on its investigation into TikTok data transfers to China with other European data protection agencies by the end of this year.
Additional reporting by Javier Espinoza in Brussels
Read the full article here