European Regulators Impose $368 Million Fine on TikTok for Privacy Lapses Affecting Minors

For the first time under the European Union’s stringent data privacy laws, TikTok has been fined $368 million by Ireland’s Data Protection Commission. The regulatory body, which supervises major tech companies headquartered in Dublin, cited “significant lapses” in how TikTok handles the privacy of its younger users.

It is not the first time that TikTok has faced scrutiny. It previously received heavy fire due to child safety concerns, and there has been the ongoing issue of security concerns that led to it being banned on certain devices. However, the key findings in the 2021 investigation prompted more direct action.

The Key Findings

The investigation by the Data Protection Commission revealed several areas of concern. One of the primary issues was that the default settings on accounts for teenagers were set to public, providing unrestricted access for any user to view and comment on their videos. The issue is seen as a critical lapse in the protection of minors’ online privacy.

In addition, the platform’s “family pairing” feature, intended to allow parents greater control over their children’s TikTok account settings, was found to be insufficiently stringent. The feature enabled adults to turn on direct messaging for users aged 16 and 17 without the teenagers’ consent. The state of the feature was viewed as another potential compromise to their privacy.

The platform was also criticized for steering teenage users toward more “privacy-intrusive” options during both the sign-up process and while posting videos.

TikTok’s Response

TikTok has contested the regulatory body’s findings, arguing that several of the criticized features and settings were already updated prior to the 2021 investigation. For example, TikTok says that accounts for users under the age of 16 have been set to private by default and that direct messaging has been disabled for users between 13 and 15 years of age.

Elaine Fox, TikTok’s Head of Privacy for Europe, cited changes made at the start of 2021 as for why most of the criticisms were no longer valid.

Previous Fines and Ongoing Scrutiny

TikTok has faced penalties related to data privacy before. The company was previously fined £12.7 million ($15.9 million) by UK regulators for similar lapses in protecting young users’ personal information.

Implications for Data Privacy

This case marks the first time that TikTok has been penalized under the EU’s data privacy laws and sets a precedent for future actions against social media platforms. It also highlights the growing concern over how tech companies manage and protect the data of minor users, an issue that regulators are increasingly paying attention to.

The Importance of Data Privacy

The $368 million fine against TikTok by European regulators underscores the importance of data privacy, particularly when it comes to vulnerable populations like minors. While the company argues that many of the cited issues have been addressed, the penalty serves as a reminder for all tech companies to continuously assess and improve their data privacy measures, especially as they pertain to younger users.