The Irish Data Protection Commission imposes €345 million fine on TikTok
Background
The Irish Data Protection Commission (IDPC) recently announced a hefty fine of €345 million against TikTok for its failure to adequately protect minors. The investigation focused on the measures taken by the social media platform between July 31, 2020, and December 31, 2020, to safeguard underage users.
Violation of GDPR
After a thorough examination, the IDPC concluded that TikTok violated the General Data Protection Regulation (GDPR) during the specified period. The regulator specifically scrutinized TikTok’s settings for users under 18, its age verification system, and the transparency of the social network regarding its handling of this particular user group.
Default Profile Settings
The investigation uncovered that during the designated period, profiles of minor users on TikTok were set to public by default. This default setting allowed any internet user, regardless of whether they were registered on TikTok or not, to view shared content from underage users. This lack of privacy control raised concerns about the exposure of minors to potentially harmful content.
Inadequate Parental Control System
Furthermore, the IDPC highlighted that TikTok’s parental control system could be accessed and utilized by adults who had not been verified as parents or guardians of minors. This flaw in the system undermined the intended purpose of parental control features, potentially exposing minors to inappropriate content.
Lack of Transparency
The IDPC also criticized TikTok for its lack of transparency towards underage users. The regulator alleged that the social network employed a “dark pattern” strategy to encourage users to choose privacy-intrusive options. This deceptive approach raised concerns about TikTok’s commitment to protecting the privacy and safety of its younger user base.
TikTok’s Response
Timing of the Sanction
TikTok clarified that the IDPC was penalizing the platform for incidents that occurred in 2020 and not for its current operations. The company emphasized that it had already addressed some of the issues raised by the regulator. For example, as of January 2021, TikTok changed the default profile settings for users under 16 to private, thereby enhancing privacy controls.
Disagreement with the Fine
While TikTok acknowledged the IDPC’s decision and its commitment to complying with it, the company expressed its disagreement with the imposed fine. TikTok believes that some aspects of the decision, particularly the size of the fine, are not justified.
Measures for Protection
TikTok also highlighted the various measures it has taken over the past three years to protect minors on its platform. The company claims to have improved parental controls and transparency. It emphasized that neither the IDPC nor the European Committee for Data Protection found TikTok’s age verification measures to be in violation of GDPR. TikTok reiterated its commitment to providing a safe and suitable platform for users aged 13 and older.
In conclusion, TikTok is facing a significant fine for its failure to adequately protect minors during a specific period. While the company has made improvements since then, the fine highlights the importance of robust measures to safeguard underage users and maintain transparency in social media platforms.