bad news for TikTok in Europe. The Irish Data Protection Commission (DPC) imposed a fine of 345 million euros to the popular video app, for not correctly protecting the personal information of its underage users.
The Irish authorities, endorsed by the European Data Protection Board, They came to the conclusion that TikTok violated multiple articles of the General Data Protection Regulation (GDPR). But the heavy financial punishment is not the only thing that TikTok must face. It will also have 3 months to change the way it processes the data of children who use the social network.
It is worth mentioning that the investigation by the Irish DPC began in September 2021. It was carried out with data collected on the operation of TikTok between July 31 and December 31, 2020. The final decision of European regulators was made on September 1, although it was only made public this Friday.
According to the Irish, TikTok committed multiple offenses when processing the personal data of minors registered in your app. But not only that, but the experience of using the platform exposed the users in question in a dangerous way.
Fine of 345 million euros for TikTok in Europe
The authorities’ investigation showed that children’s profiles on TikTok were public by default. This allowed anyone, both inside and outside the app, to view your posts. Furthermore, this could pose a greater risk for children under 13 years of age, Considering the progress of grooming in recent years.
Likewise, TikTok failed to offer transparency information about the management of minors’ data. But it was also accused of implementing “dark patterns” to push users to access options that are invasive of their privacy, in order to achieve a more complete experience in the app.
Although perhaps the most striking thing is that TikTok did not exercise true control over the family pairing of accounts. That is, the accounts of minors could be connected to those of adults, without controlling whether the profiles really belonged to their parents or guardians.
In this way, then, the violation of articles 5(1)(a), 5(1)(c), 5(1)(f), 24(1), 25(1), 25(2) was recorded ), 12(1) and 13(1)(e) of the GDPR. TikTok did not receive the regulators’ decision well, as expected. From the social network they issued a statement to TechCrunch showing your disagreementespecially with regard to the size of the fine.
“The DPC’s criticism focuses on features and settings that were implemented three years ago, and in which we made changes long before the investigation began, such as setting all accounts under 16 years of age to private by default,” they indicated.
We will have to see how the story continues. For now, TikTok continues with its plan to try to silence criticism about its privacy policies and espionage accusations by China. In fact, it recently began migrating its European users’ data to a new data center in Ireland.