TikTok fined €345 million for breaching EU data law on children’s accounts | Tic Tac

TikTok has been fined €345m (£296m) for breaching EU data law in its handling of children’s accounts, including failing to protect content from underage users of the public view.

Ireland’s data watchdog, which regulates TikTok across the EU, said the Chinese video app had committed multiple violations of GDPR rules.

TikTok was found to have violated GDPR by defaulting child users’ accounts to a public setting; allow public comments on these accounts; failing to verify whether an adult with access to a child’s account under a “family matching” program was a parent or guardian; and not properly taking into account the risks posed to under-13s on the platform who were placed in a public place.

The Irish Data Protection Commission (DPC) said users aged 13 to 17 are guided through the registration process so that their accounts are made public – meaning anyone can see the content of an account or comment on it – by default. . The study also found that the “family match” system, which gives an adult control of a child’s account settings, did not check whether the adult “matched” with the child user was a parent or a tutor.

The DPC ruled that TikTok, whose minimum age of use is 13, had not properly taken into account the risk posed to minor users with access to the platform. He said the public default setting process allows anyone to “view social media content posted by these users.”

The Duet and Stitch features, which allow users to combine their content with other TikTokers, have also been enabled by default for those under 17. However, the DPC found that there had been no breaches of GDPR in relation to its user age verification methods.

The DPC’s decision comes after TikTok was fined £12.7 million in April by the UK’s data regulator for illegally processing the data of 1.4 million children under 13 who used its platform without the consent of their parents. The Information Commissioner said TikTok had done “very little, if anything” to check who was using the platform.

TikTok said the investigation looked into the company’s privacy settings between July 31 and December 31, 2020 and said it had resolved issues raised by the investigation. All existing and new TikTok accounts for 13-15 year olds are set to private – meaning only people approved by the user can see their content – ​​by default since 2021.

TikTok said: “We respectfully disagree with the decision, particularly the level of the fine imposed. The criticisms of the DPC relate to functionalities and parameters that were in place three years ago and which we modified well before the investigation even began, such as making all accounts private by default. under 16.”

The DPC also acknowledged that it had been overruled by the European Data Protection Board, a body made up of EU member states’ data and privacy regulators, on aspects of its decision. This meant it had to include a proposed conclusion from the German regulator that the use of “dark patterns” – the term for deceptive website and app designs that trick users into certain behaviors or making particular choices – violated a provision of the GDPR on the fair processing of personal data. data.