TikTok, the popular Chinese-owned short-video platform, has been slapped with a hefty fine of 345 million euros ($370 million) by the European Union for violating privacy laws concerning the handling of children’s personal data. This marks the first time TikTok, owned by ByteDance, has faced such sanctions from the EU.
The breaches occurred between July 31, 2020, and December 31, 2020, according to Ireland’s Data Protection Commissioner (DPC), which serves as the lead regulator in the EU for many major tech companies. During this period, TikTok ran afoul of several EU privacy laws.
One of the key issues highlighted by the DPC was that in 2020, TikTok set the default privacy setting for user accounts under the age of 16 to “public.” Furthermore, the platform did not adequately verify whether individuals linking their accounts through the “family pairing” feature were, in fact, parents or guardians of underage users.
TikTok did make some changes in response to these concerns, implementing tougher parental controls for family pairing in November 2020 and switching the default setting for users under 16 to “private” in January 2021. The company also plans to make privacy settings clearer and will pre-select “private” accounts for new users aged 16-17 registering later this month.
TikTok expressed its disagreement with the DPC’s decision, especially the size of the fine, and noted that many of the issues raised had been addressed through measures introduced prior to the DPC’s investigation, which began in September 2021.