$368 million penalties for TikTok. This is about children’s privacy

The Irish Data Protection Commission (DPC) has decided on a huge fine for TikTok. The investigation into the violation of the GDPR provisions has been ongoing since September 2021, and the verdict in the case was finally announced recently.

TikTok with a huge fine in Ireland – it’s about violating the GDPR

According to the regulator, TikTok allegedly violated several points of the European General Data Protection Regulation. DPC examined the period from July 31 to December 31, 2020 and included minors aged 13 to 17.

The allegations against the company concerned deficiencies in user account settings, which were public by default – all published content was visible to both other people present on the platform and Internet users outside the website. Another problematic issue concerned the formation of the parent-child pair. TikTok allegedly improperly checked whether the parent account actually belonged to a person’s parent.

Further deficiencies allegedly concerned, among others: non-transparent information on the processing of minors’ personal data, or the use of the so-called dark patterns, encouraging you to give up your privacy rights at the account registration stage.

TikTok responds to Ireland

In a post on its official blog, TikTok “respectfully disagrees with several aspects of the regulator’s decision,” including the amount of the fine.

“Most of the criticisms highlighted in the decision are no longer relevant. This was the result of new measures that we introduced at the beginning of 2021 – a few months before the investigation (DPC) began,” says Elaine Fox, head of TikTok’s privacy policy in Europe.

The changes include new countermeasures, including making the accounts of users aged 13-15 private by default. Popular entries such as Duet and Stitch have been changed so that other users cannot “join” materials created by people under 16 years of age.