• en

TikTok Faces $368m Fine for Neglecting Children’s Data Privacy

Investigations revealed a significant oversight in the platform’s sign-up process for teenage users.

TikTok recently received a $368 milon fine by European regulators over its negligence in ensuring children’s data privacy.

This significant penalty stands as the inaugural instance of TikTok falling afoul of Europe’s stringent data privacy regulations.

TikTok, whose mainland Chinese counterpart is Douyin, is a short-form video hosting service owned by ByteDance.

It hosts user-submitted videos, which can range in duration from three seconds to 10 minutes.

The enforcement of this penalty came from Ireland’s Data Protection Commission, a pivotal privacy regulating entity for major technology firms situated predominantly in Dublin. The commission has levied a fine of 345 million euros against TikTok and delivered a stern reprimand, highlighting the platform’s violations that trace back to the latter half of 2020.

Investigations revealed a significant oversight in the platform’s sign-up process for teenage users.

The default settings rendered these accounts public, facilitating anyone to view and comment on the young users’ content.

Such default configurations even imperiled children under the age of 13, providing them an unwarranted entry to the platform.

Furthermore, an ostensibly secure “family pairing” feature, which aimed to grant parents enhanced control, exhibited vulnerabilities.

“This flaw permitted adults to activate direct messaging for users aged between 16 and 17 without obtaining their consent.”

The regulatory watchdog also stated that the platform subtly pushed teenage users towards choosing “privacy intrusive” preferences during sign-up and content sharing.

In an official statement, TikTok expressed disagreement with the regulator’s decision, specifically highlighting the extent of the fine. 

Elaine Fox, TikTok’s head of privacy for Europe, said, “Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began.”

With EU privacy laws coming into force in 2018, the Irish regulatory body has faced criticism for its perceived slow pace in handling investigations concerning major tech firms.

Amidst these pressures, the Brussels-based headquarters of the 27-nation conglomerate is stepping up to ensure more efficient enforcement of new digital regulations and social media content management.

Ndubuisi Francis 

Follow us on: