European regulators have issued a fine of $368 million to TikTok for breaching data privacy rules and failing to protect children’s privacy. The Irish Data Protection Commission, the lead privacy regulator for major tech companies in Europe, imposed the fine and reprimanded TikTok for violations that occurred in the second half of 2020.
The investigation revealed that TikTok’s sign-up process for teen users had default settings that made their accounts public, allowing anyone to view and comment on their videos. This default setting also posed a risk to children under the age of 13 who gained access to the platform, despite being prohibited. In addition, the “family pairing” feature intended for parents to manage settings was not strict enough, enabling adults to activate direct messaging for users aged 16 and 17 without their consent. The watchdog also found that TikTok nudged teen users into more privacy-intrusive options during sign-up and video posting.
TikTok issued a statement disagreeing with the decision and expressing particular concern over the level of the fine. The company emphasized that many of the criticized features and settings had been changed prior to the start of the investigation, including making all accounts for teens under 16 private by default and disabling direct messaging for 13 to 15-year-olds.
This fine is a significant development as it marks the first time that TikTok has been penalized under Europe’s strict data privacy regulations. The Irish regulator has faced criticism in the past for its slow investigations into major tech companies, but with new regulations in place, the European Union is taking steps to enforce digital competition and ensure the regulation of social media content.
The Irish watchdog is currently conducting a separate investigation into whether TikTok compliance with the EU’s General Data Protection Regulation when transferring user information to China. TikTok has been under scrutiny for potential security risks and has responded by localizing European user data, including the opening of a data center in Dublin.
In recent years, other tech giants such as Instagram, WhatsApp, and their parent company Meta have also been fined by the Irish regulator for similar privacy violations.
Sources:
– Source article: [Source]
– EU’s General Data Protection Regulation: The European Union’s regulation on data protection and privacy for all individuals within the EU. It aims to give control to individuals over their personal data and simplify the regulatory environment for international business by unifying the regulation within the EU.
– Irish Data Protection Commission: The independent authority in Ireland responsible for enforcing the data protection law, including the General Data Protection Regulation.
– TikTok: A popular short video-sharing app owned by ByteDance, based in China.