Irish regulators fined TikTok €345 million (£296 million) for violating children's privacy.
The complaint concerned how the social media app handled children's data in 2020, particularly age verification and privacy settings. This is the largest fine TikTok has received from regulators to date. A spokesperson for the social media firm said that "the judgement is disappointing, especially the level of the fine imposed": "The work you are referring to goes back 3 years. And in just 3 years, all the problems have been fixed with various updates” they said.
The fine was imposed by the Irish Data Protection Commission (DPC) under the EU's General Data Protection Regulation (GDPR) privacy law. The GDPR sets rules that companies must follow when processing data. The DPC found that TikTok was not sufficiently transparent with children about its privacy settings and raised questions about how children's data is processed.
The company was given three months to fully harmonise its data processing with the GDPR.
Professor Sonia Livingston, who researches children's digital rights and experiences at the London School of Economics and Political Science, welcomed the DPC's decision: "[Children] want to participate in the digital world without being exploited or manipulated. This means that platforms must explain how their data is processed and, most importantly, treat their data fairly because privacy is a child's right."
The investigation into TikTok's illegal data transfer from the EU to China is ongoing. TikTok is owned by Beijing-based ByteDance.