TikTok has been fined €345 million for breaking EU data law on children’s accounts. The Irish Data Protection Commission found that TikTok violated GDPR rules by making children’s accounts public by default. TikTok has since changed this practice.
The fine is one of the largest ever issued under GDPR legislation, and it is a sign that regulators are taking data protection for children seriously. The GDPR requires companies to obtain parental consent before collecting or processing the data of children under the age of 13. TikTok had been allowing children to create accounts without parental consent, and it was making those accounts public by default. This meant that children’s personal information, including their videos and photos, was visible to anyone on the internet.
On top of that, TikTok was allowing users to create accounts in a way that circumvented the requirement for an adult to be “paired” as it did not verify if the paired account was actually an adult. This meant features that are locked behind age barriers, such as direct messaging, could be enabled for underage users. TikTok has since changed its practices, and it now requires parental consent for children to create accounts. The company has also made children’s accounts private by default. However, the Irish Data Protection Commission found that TikTok’s previous practices violated the GDPR, and it has fined the company accordingly.
The fine is a reminder that companies need to be careful when collecting and processing the data of children. The GDPR gives children special protections, and companies need to make sure that they are complying with the law.
In a statement given to The Guardian, TikTok said “we respectfully disagree with the decision, particularly the level of the fine imposed. The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under-16 accounts to private by default.”
Source: The Guardian