TikTok Fined $368 Million For EU Child Data Breach

European regulators imposed an inaugural $368 million fine Friday on TikTok, marking the first instance of this short video-sharing platform suffering consequences for violating Europe's stringent children privacy regulations.

The Data Protection Commission of Ireland, the primary privacy overseer for major tech giants with European bases predominantly in Dublin, has levied a fine of 345 million euros against TikTok. Simultaneously, the platform has received a reprimand for infractions dating back to the latter half of 2020.

The investigative probe uncovered a critical flaw in TikTok's registration process for adolescent users. It resulted in default settings that rendered their accounts public, granting unrestricted access for viewing and commentary on their video content. These default configurations also endangered children under the age of 13, who often manage to access the platform despite age restrictions.

Furthermore, the software's family pairing feature, intended to empower parents to oversee settings, displayed a lapse in stringency. It permitted adults to activate direct messaging for users ages 16 and 17 without obtaining a parent's consent. In addition, it subtly directed teen users toward more invasive privacy options during the registration and video posting processes, as noted by the regulatory watchdog.

TikTok said in a statement that it disagrees with the decision, “particularly the level of the fine imposed,” as reported by ABC News.

“Most of the decision's criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began,” said TikTok's head of privacy for Europe, Elaine Fox. She was quoted from a blog post.

The company highlighted that the regulatory critique primarily centered on features and configurations from a previous three-year timeframe. TikTok underscored its proactive efforts, noting that it had implemented significant alterations well before the investigation's commencement in September 2021. These changes included setting all accounts for teenagers under 16 as private by default and disabling direct messaging for users ages 13 to 15.

Critics have taken issue with the Irish regulator's pace in investigating major tech corporations since the implementation of EU privacy regulations in 2018. In the case of TikTok, dissenting stances from German and Italian regulators regarding aspects of a preliminary decision issued a year ago contributed to further delays.

To circumvent potential future bottlenecks, the administrative center of the 27-nation European Union has assumed the responsibility of enforcing new regulations. These regulations are designed to nurture digital competition and enhance the oversight of social media content. This move aims to preserve the EU's influential position as a global leader in tech regulation.

In reaction to initial objections by German authorities, Europe's highest council of data regulators asserted that TikTok employed pop-up notifications for teen users that lacked a neutral and objective presentation of their available choices.

“Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner — particularly if that presentation can nudge people into making decisions that violate their privacy interests,” said Anu Talus, chair of the European Data Protection Board.

The Irish regulatory body is conducting a secondary investigation to ascertain whether TikTok adhered to the EU's General Data Protection Regulation provisions when transferring users' personal data to China, the home base of its parent company, ByteDance.

TikTok has addressed these concerns amidst allegations of security risks linked to potential data transfers to China. The platform has launched a project focused on localizing European user data. As a significant part of this initiative, TikTok has recently established a data center in Dublin, marking the commencement of a planned trio of facilities across the continent.

Following its departure from the European Union in January 2020, regulators in Britain imposed a fine of 12.7 million euros (approximately $15.7 million) on TikTok in April. This penalty resulted from TikTok's mishandling of children's data and its infringement of various safeguards intended to protect the personal information of young users.

Instagram, WhatsApp, and their parent company, Meta, are among several tech industry titans that have also faced substantial fines imposed by the Irish regulatory authority over the past year.

In 2019, TikTok reached a settlement agreement amounting to $5.7 million for violating the United States' Children's Online Privacy Protection Act (COPPA), marking the largest fine ever recorded in the law's history of over two decades, Axios reported.

COPPA violations have become more frequent in recent years, prompting some tech companies to proactively prohibit advertisements targeting users under 18 as a preventive measure against such penalties.

In a case last year, Epic Games, the creator of the popular Fortnite video game, incurred a fine of $520 million to resolve allegations involving privacy breaches and unauthorized charges. Of this sum, $275 million was allocated for violations of the COPPA rule.

Additionally, in 2019, Google agreed to pay a $150-200 million fine for violating children's privacy laws concerning its platform, YouTube.

You might also like

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More