As predicted in our previous article on the future GDPR fine, the Irish privacy watchdog , has fined the popular social network TikTok a whopping 345 million euros. The fine stems from violations of European data protection laws, better known as the General Data Protection Regulation (GDPR), regarding the processing of data of underage users.
The Indictment Against TikTok
The €345 million fine is the result of a lengthy investigation into TikTok’s data processing practices, particularly targeting underage users. The Irish Data Protection Commission (DPC), Ireland’s privacy watchdog, found that TikTok did not take sufficient measures to protect minors’ data and violated their privacy rights in several ways, including:
Lack of parental consent: TikTok allegedly made insufficient efforts to determine the age of users and obtain parental consent to process data of minors, which is required under the GDPR.
Insufficient transparency: TikTok reportedly did not explain clearly enough how personal data was collected and processed, which may have meant that minor users did not fully understand what was happening with their data.
Default settings: TikTok’s default settings would have enabled privacy-sensitive information such as location data and device data without users’ explicit consent, further compromising their privacy!
The Meaning of the TikTok Penalty
This ticker-tock fine of 345 million euros is remarkable for several reasons:
A warning to tech companies: The fine serves as a strong warning to other tech companies to take GDPR standards seriously and make sure they comply with data protection rules, especially when it comes to underage users.
Protection of minors: With this fine, the Irish DPC emphasizes the importance of protecting the privacy of minors in the online world. This is a crucial signal that children’s rights should be taken as seriously online as they are offline.
Transparency and consent: The case also highlights the importance of transparency and obtaining explicit consent when processing personal data. It is essential that users, especially minors, fully understand how their data will be used before they agree.
TikTok Highlights Prior Adjustments for Data Protection of Minors
TikTok, which is owned by Chinese company ByteDance, responded to the decision and in particular to the size of the tiktok fine imposed. In a statement, the company stressed that the criticism relates to options and institutions from three years ago. They point out that they had already made adjustments long before the investigation began. For example, one of those changes was to set the accounts of all users under the age of 16 as private by default.
The Irish regulator conducted the investigation because TikTok, along with several other major players, has its European headquarters in Ireland. This places the company under the jurisdiction of Irish data protection laws and regulations.
The €345 million fine imposed on TikTok for violations of the GDPR is a milestone in the enforcement of data protection and privacy rights, especially for underage users. It emphasizes that companies are responsible for protecting the privacy of their users, regardless of their age, and that violations of data protection laws can have serious consequences. This case will undoubtedly serve as a warning to other tech companies to take data protection rules and regulations seriously and make sure they are in compliance with laws designed to safeguard the privacy of individuals.
Take the first step to getting GDPR right for your business.