Social media platform TikTok is facing a $368 million fine after failing to protect children’s privacy, breaching Europe’s strict data privacy rules.
Ireland’s Data Protection Commission – the primary regulatory authority overseeing European data privacy matters – announced its fine directed at TikTok for breaches dating back to 2020.
TikTok Hit With $368M Fine Under Europe's Strict Data Privacy Rules https://t.co/towy1xFUEX
— The Hollywood Reporter (@THR) September 15, 2023
The investigation uncovered critical issues with TikTok’s sign-up process for teenage users. This process inadvertently led to default settings that made their accounts public, enabling unrestricted access to view and comment their videos. These default settings posed a significant risk to children under the age of 13, who gained unauthorized access to the platform.
In addition to this, the “family pairing” feature, intended for parental control, was found to have some loose restrictions. It allowed adults to enable direct messaging for users aged 16 and 17 without their consent. Additionally, it pushed teenage users into selecting more invasive privacy options during the sign-up and video posting processes, as noted by the regulatory authority.
“Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner — particularly if that presentation can nudge people into making decisions that violate their privacy interests,” said Anu Talus, Chair of the European Data Protection Board.
“Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began,” TikTok’s head of privacy for Europe, Elaine Fox, responded in a blog post.
In response to objections raised by German authorities, Europe’s top panel of data regulators noted that TikTok had utilized pop-up notices to guide teenage users but failed to present their choices in a neutral and objective manner. Meta’s platforms, Instagram and WhatsApp, have also been hit with hefty fines by Irish regulators over the past year.