EU Regulator Holds TikTok Accountable for Privacy Violations
In a significant development, TikTok, the popular Chinese-owned video app, has been fined a staggering €345 million (£296 million) for breaching privacy laws related to the handling of children’s personal data, according to an announcement from an EU regulator.
Privacy Breach Investigation
The investigation, conducted by Ireland’s Data Protection Commission, unearthed several critical privacy violations committed by TikTok:
- Default Public Visibility: TikTok’s default settings rendered teenagers’ accounts publicly viewable by default, thereby exposing their personal information without their consent.
- Risk to Children Under 13: Even children under the age of 13, who are supposed to be prohibited from using TikTok, faced risks due to lax security measures.
- Inadequate “Family Pairing” Feature: The app’s “family pairing” feature, designed to allow adults to manage their child’s account settings, was found to be insufficiently stringent and easy to bypass.
TikTok’s Response
TikTok has pushed back against the commission’s findings, highlighting that it had already made relevant changes before the Irish investigation commenced in September 2021. These changes included setting all accounts owned by individuals under 16 as private by default. Additionally, TikTok improved its family pairing tool, enabling parents to filter out undesirable content.
Elaine Fox, TikTok’s head of privacy for Europe, emphasized that most of the regulator’s criticisms are no longer applicable.
Regulatory Authority
The Data Protection Commission, which operates in Ireland, has assumed the role of the EU’s primary privacy watchdog. This is because many global tech giants, including Meta (the parent company of Facebook and Instagram), conduct their European operations from Ireland.
Record of Fines
The Data Protection Commission has faced criticism for the pace of its investigations and the magnitude of fines imposed. Earlier this year, it imposed a record €1.2 billion (£1 billion) penalty on Meta for transferring European user data to the US for processing. Previous fines included €390 million (£343 million) against Meta for coercing users into accepting personalized advertisements and €225 million (£193 million) against WhatsApp, another Meta subsidiary, for violating data-sharing regulations.
TikTok’s Privacy Efforts
TikTok’s latest fine coincides with its efforts to address privacy concerns among European policymakers. To bolster user data protection, the company has launched its first local data center in Dublin, with plans to create a fortified protective environment around European user data. This move marks a departure from TikTok’s previous practice of storing all user data on servers in the US and Singapore.
Ireland is set to host a second data center (currently under construction), and another is in development in Norway.
Despite suspicions that TikTok could potentially share user information with the Chinese government, the company has categorically stated its commitment to not doing so, asserting that Beijing’s laws do not extend to data held abroad.
Stay tuned for further updates on this evolving privacy matter.
