TikTok faces $370M fine over alleged mishandling of children's privacy data in Europe

ByteDance, the parent company of the short video platform TikTok, recently faced a significant setback. The company was hit with a hefty fine of €345M ($370M) due to a breach of EU privacy laws and mishandling of children’s personal data. This incident occurred between July and December 2020, as confirmed by Ireland’s Data Protection Commissioner (DPC). Notably, this was the first time TikTok faced such a penalty from the DPC.

Key points include:

• TikTok's Retort: The company disagreed with the severity of the fine, arguing that many of the concerns raised were now outdated due to corrective measures implemented from September 2021 onward.

• Past Missteps: In 2020, TikTok was found to be setting the accounts of users under 16 to "public" by default and failed to verify if a "linked" adult was indeed the child user’s parent or guardian, a feature they termed "family pairing".

• Addressing the Issue: TikTok implemented a series of damage control actions. In November 2020, they tightened parental controls for "family pairing", while in January 2021, they changed the default setting for all users under 16 to "private". Additionally, they announced their intention to revise their privacy materials to provide clearer distinctions between public and private accounts.

• DPC's Mandate: The DPC gave TikTok three months to comply with these changes.

• Upcoming Challenges: TikTok now faces another investigation into its data transfer to China and compliance with EU data law for moving personal data outside the bloc.

• The Impact of GDPR: Introduced in 2018, the General Data Protection Regulation allows regulators to slap fines of up to 4% of a company's global revenue with the DPC already imposing a hefty collective fine of €2.5B on Meta.