The Irish Data Protection Commission (DPC) has taken action against TikTok, fining the short video service a substantial €345 million. The DPC’s decision stems from concerns that TikTok was not doing enough to safeguard the personal data of its minor users. This investigation, initiated in September 2021, has revealed critical issues.
Violations of EU Data Protection Rules
The DPC’s investigation uncovered that TikTok had violated EU data protection regulations by automatically enabling a public profile mode for all its minor users. This default setting allowed any platform user to access children’s data, view their content, and send messages directly to them.
Inadequate Parental Control Measures
Moreover, the DPC found shortcomings in TikTok’s parental control feature, designed to let parents link their accounts to their children’s. Unfortunately, this feature allowed unauthorized individuals to undertake similar actions, potentially jeopardizing the safety of minor users. The regulator scrutinized TikTok’s activities in the region from July 31 to December 31, 2020.
A Series of Data Protection Sanctions
This fine against TikTok is part of a growing trend of sanctions imposed on social networks for their inadequate protection of user data. Earlier this year, Meta Platforms, the owner of Facebook, received a hefty €1.2 billion fine and an order to halt the transfer of user data from the EU to the USA. In September of the previous year, the DPC fined Meta-owned social network Instagram €405 million for its failure to ensure the protection of children’s data, notes NIXSolutions.
With a monthly user audience of 134 million people in the EU, TikTok has expressed its disagreement with the DPC’s decision, particularly the scale of the fine.