European Union (EU) regulators have issued the China-based social media platform TikTok and its mother company ByteDance with a €345-million ($368-million) fine Friday (September 15) for its failure to protect children's privacy as per its strict General Data Protection Regulation (GDPR). The fine was the first time that the app was punished for breaching Europe's strict data privacy rules.
Ireland's Data Privacy Commission, the lead privacy regulator for Big Tech firms whose European headquarters are in Dublin, said it was fining and reprimanding TikTok for the violations dating to the second half of 2020.
According to the Associated Press, the investigation of the app's violations found that the sign-up process for teen users resulted in settings that made their accounts public by default, allowing anyone to view and comment on their videos. Those default settings also posed a risk to children under 13 who gained access to the platform even though they're not allowed.
The investigation also found out that the "family pairing" feature designed for parents to manage settings was not strict enough, allowing adults to turn on direct messaging for users aged 16 and 17 without their consent. TikTok also nudged teen users into more "privacy intrusive" options when signing up and posting videos, the watchdog added.
The Irish watchdog also examined TikTok's measures to verify whether users were at least 13 but found they did not break any rules.
TikTok Insists Charges Incurred Were from Outdated Versions
Meanwhile, TikTok's Europe head of privacy Elaine Fox said in a statement that the company disagrees with the decision, "particularly the level of the fine imposed." The firm insisted the regulator's accusations focused on features and settings dating back three years, and has since made changes well before the investigation began in September 2021. The changes included making all accounts for teens under 16 private by default and disabling direct messaging for 13- to 15-year-olds.
On the other hand, the Irish regulator was also criticized for not expediting the investigations into Big Tech firms since the implementation of the GDPR in 2018. For TikTok, German and Italian regulators disagreed with parts of a draft decision issued a year ago, delaying it further.
To avoid further bottlenecks, the EU has been given the responsibility of enforcing the new regulations to foster digital competition and clean up social media content, which is aimed at maintaining its position as the global leader in tech regulation.
TikTok Not Out of the Irish Woods Just Yet
The Irish regulator is still carrying out a second investigation into whether TikTok complied with the GDPR when it transferred users' personal information to China, where ByteDance is based. The investigation was launched after the app faced accusations it posed a security risk over fears users' sensitive information could have been sent to China.
In response, TikTok embarked on a project to localize European user data to address those concerns by opening a data center in Dublin this month, the first of three planned in the continent.
Instagram, WhatsApp, and their owner Meta, and other tech giants have also been hit with big fines by the Irish regulator over the past year.