TikTok fined €345 million in Ireland for violating children’s data security

Irish Data Protection Commission (DPC) fined TikTok for €345 million for violating the rules on storing children’s personal data.

The regulator checked the privacy settings of the social network and the procedure for verifying the age of users for the period from July 31 to December 31, 2020. Based on the results of the audit, the commission came to the conclusion that TikTok committed many violations of the EU General Regulation on the Protection of Personal Data. Thus, the accounts of users aged 13–17 years old during registration on the TikTok platform fell into the public category by default, which is why their videos could be watched by other users of any age and anyone could contact these teenagers.

Additionally, issues have been identified with the Family Settings feature, which allows a parent to connect their account with their child’s account. As the DPC points out, TikTok did not have a process in place to verify whether an adult using Family Settings is actually the parent or responsible adult of the minor with whom they are connecting their account. Meanwhile, this function gives an adult access to a number of security and privacy settings for a child’s account, and also allows him to set up sending direct messages to a child over 16 years old, limit the list of users who can send messages to a child, etc.

TikTok confirmed receiving information about the fine and stated that it “respectfully disagrees with this decision, especially with the size of the fine imposed.” As the company noted, all these complaints relate to functions and settings that were in effect three years ago, but since then everything has been corrected.

Alena Miklashevskaya