Connect with us


GDPR: Ireland fines TikTok €345 million for mishandling children’s data



The Irish Data Protection Commission (DPC) has slammed a €345 million fine against video-sharing platform, TikTok, for breaching the European Union’s General Data Protection Regulation (GDPR) in relation to its handling of children’s data.

The Commission also ordered TikTok to bring its offending data processing into compliance within three months. Announcing the fine on Friday, the DPC said its final decision regarding its inquiry into TikTok Technology Limited was adopted on 1 September 2023.

The inquiry, it said, sought to examine the extent to which TikTok complied with its obligations under the GDPR in relation to its processing of personal data relating to child users during the period between 31 July 2020 and 31 December 2020.

The DPC said TikTok was found to have violated the following eight articles of the GDPR: 5(1)(a); 5(1)(c); 5(1)(f); 24(1); 25(1); 25(2); 12(1); and 13(1)(e)  which highlights breaches of lawfulness, fairness and transparency of data processing; data minimization; data security; responsibility of the controller; data protection by design and default; and the rights of the data subject (including minors) to receive clear communications about data processing; and to receive information on recipients of their personal data.

The decision, however, did not find a breach in relation to methods used by TikTok for age verification, which has been a flash point for it with a number of regional regulators, but the Irish watchdog notes the decision does record a violation of Article 24(1) of the GDPR — as it found TikTok did not implement appropriate technical and organizational measures since it did not properly consider certain risks posed to under 13s who gained access to the platform as the default account setting allowed anyone (on or off TikTok) to view social media content posted by those users.

Announcing the fine the DPC in a statement published on its website said TikTok was reprimanded with:

In a response posted to its website, TikTok’s Head of Privacy in Europe, Elaine Fox, spoke on measures the company took to address safety concerns prior to the DPC’s investigation beginning, such as setting accounts of users aged 13-15 private by default.

She also claimed that in 2021 TikTok became the first (“and remains the only”) major platform to publicly disclose the number of suspected underage accounts it removes.

Per the blog post, TikTok has more than 134 million monthly active users across the European Union.