TikTok has been fined 345 million euros ($370 million) in the European Union for violating privacy rules regarding the processing of children’s personal data, its lead regulator in the bloc said on Friday.
Ireland’s Data Protection Commissioner (DPC) said the Chinese-owned short video platform, which has grown rapidly among young people around the world in recent years, had to comply with EU privacy laws between 31 July 2020 and 31 December 2020. Many laws have been violated. In a statement
It is the first time that ByteDance-owned TikTok has been reprimanded by the DPC, the main regulator in the EU for many of the world’s leading tech firms, because of the location of its regional headquarters in Ireland.
A spokesperson for TikTok said it disagreed with the decision, particularly the size of the fine, and that much of the criticism was no longer relevant as a result of measures introduced before the DPC’s investigation began in September 2021.
The DPC said TikTok’s violations included how in 2020 the accounts of users under the age of 16 were set to “public” by default and that TikTok did not verify that Whether the user was actually the child user’s parent or guardian when connected via “family pairing”. characteristic
TikTok added stricter parental controls for family pairings in November 2020 and changed the default setting to “private” for all registered users under 16 in January 2021.
TikTok said on Friday that it plans to further update its privacy content to clarify the difference between public and private accounts and that a private account will already be available for new users aged 16-17. will be selected when they later register for the app. this month.
The DPC gave TikTok three months to bring all its processing into compliance where violations were found.
It has another investigation open into TikTok’s transfer of personal data to China and whether it complies with EU data law when transferring personal data to countries outside the bloc. In March, the DPC said it was preparing a preliminary draft decision for the investigation.
Under the EU’s General Data Protection Regulation (GDPR), introduced in 2018, the lead regulator for any company can impose a fine of up to 4% of the company’s global revenue.
The DPC has hit other tech giants with big fines, including a combined €2.5 billion levied on Meta.
It had opened 22 inquiries into Ireland-based multinationals at the end of 2022.