Tiktok
Tiktok

European regulators fine TikTok $368 million over failing to protect the data of young users

What To Know

  • In a blog post, Elaine Fox, TikTok’s Head of Privacy for Europe, remarked, “Most of the decision’s criticisms are no longer relevant due to measures we introduced at the outset of 2021, several months before the investigation commenced.
  • In response to initial objections from Germany, the foremost assembly of data regulators in Europe contended that TikTok employed pop-up notifications to influence teenage users in a manner that failed to present their options impartially and objectively.
  • Anu Talus, Chair of the European Data Protection Board, asserted, “Social media companies bear a responsibility to refrain from presenting choices to users, especially minors, in a biased manner—particularly if such presentations may induce decisions that infringe upon their privacy rights.
  • In response, TikTok has initiated a project to localize European user data, inaugurating a data center in Dublin this month, which will be the first of three such facilities on the continent.

European regulators have imposed a hefty fine of $368 million upon TikTok, marking the first instance of this widely-used short video-sharing platform facing penalties for breaching Europe’s stringent data privacy regulations.

The Ireland Data Protection Commission, which serves as the primary privacy overseer for major tech corporations with their European headquarters predominantly based in Dublin, has decreed a fine of 345 million euros against TikTok. This action follows the platform’s transgressions during the latter half of 2020.

The investigation uncovered that the registration process for adolescent users led to default settings that rendered their accounts publicly accessible. Consequently, anyone could view and comment on their posted videos.

These default configurations also posed a significant risk to children under the age of 13 who, despite being prohibited, managed to access the platform. Furthermore, a feature known as “family pairing,” ostensibly designed for parental management of settings, proved to be less stringent than required.

This inadequacy permitted adults to enable direct messaging for users aged 16 and 17 without obtaining their consent. The platform also steered teenage users towards more privacy-invasive choices when registering and sharing videos, as pointed out by the regulatory authority.

TikTok is hit with $368 million fine under Europe’s strict data privacy Rules

TikTok responded to this ruling with a statement expressing its disagreement, particularly with the magnitude of the imposed fine. The company emphasized that the criticisms raised by the regulator pertain to features and settings that date back three years.

TikTok maintained that it had already implemented various changes well in advance of the investigation’s commencement in September 2021. These changes included making all accounts for users below 16 years of age private by default and disabling direct messaging for those aged between 13 and 15.

In a blog post, Elaine Fox, TikTok’s Head of Privacy for Europe, remarked, “Most of the decision’s criticisms are no longer relevant due to measures we introduced at the outset of 2021, several months before the investigation commenced.”

Critics have taken the Irish regulator to task for the perceived sluggishness in its investigations into major tech entities following the implementation of EU privacy laws in 2018. In the case of TikTok, German and Italian regulators voiced dissent over certain aspects of a preliminary decision issued a year ago, further delaying the process.

To circumvent potential bottlenecks, the European Union’s 27-nation bloc has tasked its Brussels headquarters with enforcing fresh regulations aimed at fostering digital competition and enhancing the integrity of social media content. These rules are designed to cement the EU’s role as a global leader in tech regulation.

In response to initial objections from Germany, the foremost assembly of data regulators in Europe contended that TikTok employed pop-up notifications to influence teenage users in a manner that failed to present their options impartially and objectively.

Anu Talus, Chair of the European Data Protection Board, asserted, “Social media companies bear a responsibility to refrain from presenting choices to users, especially minors, in a biased manner—particularly if such presentations may induce decisions that infringe upon their privacy rights.”

Meanwhile, the Irish watchdog also scrutinized TikTok’s mechanisms for verifying the age of users to determine whether they were at least 13 years old. The conclusion was that TikTok had not violated any regulations in this regard.

Additionally, the regulator is currently conducting a secondary investigation to ascertain whether TikTok adhered to the European Union’s General Data Protection Regulation when transferring users’ personal data to China, where ByteDance, the platform’s owner, is headquartered.

Concerns have arisen that TikTok poses security risks, potentially exposing sensitive user information to China. In response, TikTok has initiated a project to localize European user data, inaugurating a data center in Dublin this month, which will be the first of three such facilities on the continent.

Furthermore, data privacy regulators in the United Kingdom, which withdrew from the EU in January 2020, levied a fine of 12.7 million pounds (equivalent to $15.7 million) against TikTok in April for the improper use of children’s data and breaches of other safeguards protecting young users’ personal information. Notably, Instagram, WhatsApp, and their parent company, Meta, are among the tech giants that have faced substantial fines from the Irish regulator over the past year.