Today, TikTok has been hit with a colossal fine of $367 million by Ireland’s Data Protection Commission for its mishandling of children’s data. The investigation, which was initiated in 2021, examined whether the social media platform had violated Europe’s General Data Protection Regulation (GDPR) laws.
The probe specifically focused on defaults account settings, “Family Pairing” feature, and age verification. It was discovered that TikTok had set children’s accounts to public by default, making their videos publicly viewable and enabling features like comments and duets without their explicit consent.
Furthermore, children’s accounts could be linked to profiles that were not verified as belonging to a parent or guardian, compromising their privacy. While TikTok’s age verification methods were deemed compliant with GDPR laws, the company was found to have inadequately protected the privacy of children under the age of 13. TikTok now has three months to rectify its practices and bring them in line with privacy regulations.
Turn campaigns into conversions with an easy to use marketing tools – Join for free
TikTok fined $367 million for how it handled children’s data
TikTok, the popular video-sharing platform, has recently been fined $367 million by Ireland’s Data Protection Commission (DPC) for its mishandling of children’s data. This significant penalty comes as a result of an investigation initiated by the DPC in 2021 to determine if TikTok was in compliance with Europe’s General Data Protection Regulation (GDPR) laws. The investigation specifically focused on various aspects of TikTok’s features and settings that relate to children’s accounts, such as default account settings, “Family Pairing” settings, and age verification.
Are you ready to get your business growing? – START FOR FREE
Investigation by Ireland’s Data Protection Commission (DPC)
The Ireland Data Protection Commission launched an investigation into TikTok’s data handling practices and found evidence of numerous violations. The DPC examined how TikTok managed children’s accounts, specifically looking into default account settings, Family Pairing settings, and age verification methods. Based on their findings, the DPC concluded that TikTok had not adequately protected the privacy of children using the platform, leading to the hefty fine of $367 million.
Discover the power of confident communication with Grammarly Free
Violation of GDPR laws by TikTok
During the investigation, the DPC discovered that TikTok had set children’s accounts to public by default when they signed up on the platform. This default setting meant that all videos posted by children were automatically made publicly viewable, and features like comments, duets, and Stitch were enabled by default as well. This clear violation of GDPR laws raised concerns about the privacy and safety of young users on TikTok.
Focus on TikTok features
The investigation centered around several key features of TikTok that were found to be problematic in terms of protecting children’s data. The DPC specifically examined default account settings, Family Pairing settings, and age verification methods employed by TikTok.
Default account settings
The DPC found that TikTok set children’s accounts to public by default, meaning that anyone could view their videos without any restrictions. This default setting put children’s privacy at risk and potentially exposed them to unwanted attention or harassment.
Family Pairing settings
TikTok introduced a feature called “Family Pairing” in 2020, which allowed children’s accounts to be linked with an adult account. This feature was intended to give parents or guardians control over app settings, such as limiting screen time and restricting certain content. However, the DPC discovered that TikTok allowed children’s accounts to be linked to unverified profiles, potentially granting unauthorized access to a child’s account.
Age verification
One of the major concerns raised by the investigation was TikTok’s insufficient age verification methods. Although the DPC determined that TikTok’s age verification methods did not violate GDPR laws, they found that the company had not done enough to protect the privacy of children under the age of 13 who were able to sign up for an account.
Never pay full price for software again – Get 10% off your first order!
Public default settings for children’s accounts
One of the glaring issues identified by the DPC was TikTok’s default setting for children’s accounts. By setting children’s accounts to public by default, TikTok allowed anyone to view their videos without their knowledge or consent. This lack of privacy protection can be especially concerning for young users who may not fully understand the implications of sharing content publicly.
Secure your website wherever you are – TRY FREE
Linking children’s accounts to unverified profiles
Another problematic aspect of TikTok’s handling of children’s data was the ability to link children’s accounts to unverified profiles. This feature, known as “Family Pairing,” allowed an adult account to be connected to a child’s account for the purpose of managing app settings. However, the DPC found that TikTok did not adequately verify whether the linked profile belonged to a parent or guardian, potentially exposing children to individuals with malicious intent.
Insufficient privacy protection for children under 13
While TikTok’s age verification methods were not found to be in violation of GDPR laws, the investigation revealed that the company had not taken sufficient measures to protect the privacy of children under the age of 13. This age group is particularly vulnerable and requires extra safeguards to ensure their online safety. TikTok’s failure to adequately address these privacy concerns led to the significant penalty imposed by the DPC.
TikTok’s tightened privacy settings for users aged 13-15
In response to the investigation, TikTok implemented stricter privacy settings for users aged 13 to 15. These new settings make their accounts more private by default, providing greater protection for young users. By strengthening privacy controls, TikTok aims to mitigate the risks associated with the mishandling of children’s data and create a safer environment for its users.
Three months for TikTok to bring practices into compliance
The DPC has given TikTok a three-month deadline to bring its data handling practices into compliance with GDPR laws. During this time, TikTok must address the issues identified in the investigation and implement necessary changes to ensure the privacy and safety of young users. Failure to meet the compliance requirements could result in further penalties or legal actions against the company.
Fines against other social media platforms
It is worth noting that TikTok is not the only social media platform to face fines for mishandling children’s data. Other notable platforms, such as Meta (formerly Facebook), have also been fined for similar infractions related to the privacy and safety of young users. In 2022, Meta was fined over $400 million for allowing teen Instagram users to sign up for business profiles and making their contact information public, among other violations. These penalties serve as a reminder to social media platforms to prioritize the privacy and protection of their young user base.
Summing up
The recent fine imposed on TikTok by the Ireland Data Protection Commission highlights the company’s inadequate handling of children’s data. The investigation revealed multiple violations of GDPR laws, including default account settings that made children’s videos publicly viewable, issues with the Family Pairing feature, and insufficient privacy protection for children under the age of 13.
While TikTok has since implemented stricter privacy settings for users aged 13 to 15 and has been given three months to bring its practices into compliance, the significant penalty serves as a reminder that platforms must prioritize the privacy and safety of their young users. It is also important to note that other social media platforms have faced fines for similar infractions, emphasizing the need for greater accountability in protecting children’s data online.
