The popular social media platform, TikTok, has been fined a staggering €345m (£296m) for violating the European Union’s data protection law in its handling of children’s accounts.
The Irish Data Protection Commission (DPC), which oversees TikTok’s operations across the EU, found that the platform had committed multiple breaches of the General Data Protection Regulation (GDPR) rules.
The breaches include setting child users’ accounts to public by default, allowing public comments on these accounts, failing to verify whether an adult given access to a child’s account through the “family pairing” scheme was indeed a parent or guardian, and not adequately considering the risks posed to users under 13 who were placed on a public setting.
The DPC stated that users aged between 13 and 17 were guided through the sign-up process in such a way that their accounts were set to public by default. This meant that anyone could view an account’s content or comment on it. The commission also found that the “family pairing” scheme, which allows an adult to control a child’s account settings, did not verify whether the adult “paired” with the child user was their parent or guardian.
However, the DPC found no infringement of GDPR in terms of TikTok’s methods for verifying users’ ages. TikTok has stated that the investigation pertained to the company’s privacy setup between 31 July and 31 December 2020 and claimed to have addressed the issues raised by the inquiry.
This case highlights the increasing scrutiny of tech companies’ data practices, particularly concerning minors. It serves as a reminder of the importance of stringent data protection measures and transparency in handling user data.