EU fines TikTok €345m for data breach
September 15, 2023
TikTok has been fined €345 million for breaking EU law in its handling of children’s personal data, including failing to protect underage users’ content from public view. The EU, said the Chinese video app had committed multiple breaches of GDPR rules.
It said TikTok put child users’ accounts on a public setting by default; allowing public comments on those accounts; not checking whether an adult given access to a child’s account on a ‘family pairing’ scheme was a parent or guardian; and not properly taking into account the risks posed to under-13s on the platform who were placed on a public setting.
The Irish Data Protection Commission (DPC), which polices EU policy in this area, said users aged between 13 and 17 were steered through the sign-up process in a way that resulted in their accounts being set to public – meaning anyone can see an account’s content or comment on it – by default. It also found that the ‘family pairing’ scheme, which gives an adult control over a child’s account settings, did not check whether the adult ‘paired’ with the child user was a parent or guardian.
The DPC ruled that TikTok, which has a minimum user age of 13, did not properly take into account the risk posed to underage users who gained access to the platform.
The DPC decision comes after TikTok was fined £12.7 million (€15 million) in April by the UK data regulator for illegally processing the data of 1.4 million children under 13 who were using its platform without parental consent.
TikTok said it had addressed the problems raised by the inquiry.