The Irish Data Protection Commission (DPC) has slammed TikTok with a staggering fine of €345 million ($368 million), with the popular social media platform failing to adequately protect children’s privacy.
Last Friday, the DPC, which scrutinizes the activities of TikTok in the EU, announced this decision after it found TikTok violating a prominent privacy law of the EU.
Investigations reveal that the default settings of TikTok failed to secure children’s accounts completely in the latter half of 2020. It pointed out that newly created profiles for kids were set to public by default.
Thus, anyone on the internet could get access to these accounts. Besides, the regulator pointed out that TikTok failed to inform children about these privacy risks and used ‘dark patterns’ to prompt users to divulge even more personal information.
The Family Pairing feature on TikTok was one of the most critical breaches of the EU privacy law as it involved a loss of parental control.
The DPC found that TikTok did not require an adult to oversee a child’s account or to be verified as the actual guardian or parent of the minor. This authentication lapse implied that any adult could virtually compromise the privacy safeguards of a child.
The Family Pairing feature, integrated into the platform in April 2020, allowed adults to link their accounts with child accounts. This enabled them to manage unwanted content and screen time and oversee their children’s direct messages.
TikTok Refuses To Accept Some Aspects Of The Decision
Elaine Fox, the European privacy chief of TikTok, stated that the company “respectfully” disagreed with certain aspects of the decision.
Following these changes, TikTok set the accounts for children aged between 13 and 15 private by default. Fox also mentioned that later in the month, TikTok plans to roll out a redesigned account registration process for new users aged 16 and 17.
TikTok, however, didn’t explicitly state that Family Pairing would now require verification of an adult’s relationship with the child. The social media platform defended the feature, mentioning that they had upgraded the feature over time with additional tools and options.
TikTok also emphasized that none of the findings of the DPC concluded that its age verification measures violated the privacy laws of the EU.
This is not the first time TikTok has faced penalties for privacy breaches. Last April, the company faced a $16 million fine in the UK for various data protection law violations, including the misuse of children’s personal data.
In the current case, the company has taken steps to address its privacy issues. It remains to be seen how effective these measures prove to be in reality.