In the latest strike by the EU against the commercial practices of internet giants, a regulator on Friday levied a 345 million euro fine over child data breaches on the Chinese-owned social media platform TikTok.
The $369 million fine is the result of a two-year investigation by Ireland’s Data Protection Commission (DPC). The rigorous General Data Protection Regulations (GDPR), which are enforced by the Irish watchdog, granted TikTok three months “to bring its processing into compliance” with the regulations.
In September 2021, the DPC started looking into TikTok’s adherence to GDPR in relation to platform settings and the handling of personal data for individuals under the age of 18.
TikTok’s age verification policies for users under the age of 13 were also examined, and while no violations were discovered, it was discovered that the platform had not adequately considered the hazards associated with younger users signing up for the site.
When minors signed up for TikTok, their accounts were automatically set to public, allowing anyone to view and comment on their videos, as the regulator emphasized in its decision on Friday.
TikTok’s “family pairing” mode, which connects parents’ accounts to those of their adolescent children, was also criticized by the report, although the DPC determined the company did not confirm parent or guardian status.
Due to Dublin’s location as the home of TikTok’s European headquarters as well as those of companies like Google, Meta, and X, formerly Twitter, the GDPR regime is centered on Ireland.
For violating an earlier court order by sending EU user data to the US, Meta was fined a record-breaking 1.2 billion euros by the DPC in May.
Young people love TikTok, a spinoff of Chinese internet giant ByteDance, which has 134 million users in the EU and 150 million users in the US.