The authoritative news source for communications regulation

Irish Privacy Watchdog Fines TikTok $368 Million

TikTok must pay £368 million for numerous breaches of the EU general data protection regulation (GDPR) relating to its processing of personal data from child users of the platform, the Irish Data Protection Commission (DPC) announced Friday. The inquiry, which…

Start A Trial
covered the period July to December 2020, examined possible violations in the context of certain TikTok platform settings, including public-by-default settings and those associated with the "Family Pairing" feature; age verification as part of the registration process; and some of TikTok's transparency obligations, such as the extent of information given children about default settings. The DPC submitted a draft decision finding GDPR infringements to all EU data protection supervisory authorities, two of which objected. When the DPC could not reach consensus on the issues raised in the objections, it referred the matter to the European Data Protection Board (EDPB) for resolution. The board ordered the DPC to make several amendments. The final decision includes a reprimand of TikTok; an order that it bring its processing into compliance within three months; and the $368 million (€345 million) fine. "Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner - particularly if that presentation can nudge people into making decisions that violate their privacy interests," said EDPB Chair Anu Talus. "We respectfully disagree with several aspects of the decision, particularly the level of the fine" and are evaluating next steps, said TikTok Head of Privacy-Europe Elaine Fox. Among other things, she said, the DPC looked at how some privacy settings worked three years ago, and TikTok had already addressed most of its criticisms well before the investigation began. The European Consumer Organisation said it alerted authorities from 15 countries in February 2021 that the platform was breaching many EU consumer and data protection rules. "We now hope this decision triggers change at the company to address issues which not only concern minors, but also adults," emailed Deputy Director General Ursual Pachl.