In a significant blow to TikTok, the Irish Data Protection Commission (DPC) has imposed a hefty fine of €345 million ($368 million) on the social media giant for failing to protect the data of young users. This enforcement comes at a time when the European Union is tightening its grip on how tech companies handle users’ personal data, particularly those belonging to minors.
The Regulatory Findings
According to the DPC, TikTok defaulted child users’ profiles to public, making their information easily accessible. Videos they posted were also public by default, and anyone could comment on them. Moreover, the social media platform didn’t make ‘Duet’ and ‘Stitch’ opt-in features, leaving the content open for manipulation. The DPC also found that TikTok allowed child users’ accounts to be paired with adult users without verifying the relationship between them, even enabling direct messaging features that should be off-limits for underage users.
A Series of Fines and Investigations
This is not the first time TikTok has faced financial penalties over data protection issues. Earlier this year, the UK Information Commissioner’s Office (ICO) fined TikTok £12.7 million ($15.75 million) for similar violations. While the Irish DPC did not establish whether TikTok had violated GDPR rules about kids under 13 signing up, it did note the platform allowed unrestricted content viewing, irrespective of the viewer’s age.
The Broader Context
The DPC is the lead regulator for TikTok in the European Union and is responsible for ensuring compliance with the General Data Protection Regulation (GDPR). Over the years, the DPC has launched several investigations into TikTok, scrutinizing how the platform handles personal data related to age verification, privacy settings, and parental controls. The commission has also looked into how TikTok transfers data to other countries, including China, where its parent company ByteDance is based.
Although TikTok has expressed disagreement with the magnitude of the fine, it has acknowledged the DPC’s decision. The company has taken steps to make changes to its features and settings to enhance user privacy and safety. For example, all accounts for users under 16 are now set to private by default, and direct messaging has been disabled for this age group.
Other Companies in the Regulatory Spotlight
The DPC’s stringent actions are not limited to TikTok; other tech giants like Facebook, Twitter, Google, Instagram, and WhatsApp are under investigation for various data protection issues. These investigations range from handling data breaches to compliance with transparency and consent requirements under the GDPR.
What Lies Ahead?
TikTok’s fine serves as a cautionary tale for tech companies, as regulators worldwide are increasingly focusing on data protection, especially concerning minors. The question now is whether TikTok’s changes in its features and settings will be enough to assuage regulatory concerns and protect the younger segment of its user base.
As scrutiny intensifies, this could be a watershed moment, not just for TikTok but for the entire tech industry, forcing them to reevaluate and strengthen their data protection measures.