Shafaq News/ TikTok, the popular Chinese-owned short-video platform, has been fined €345 million ($370 million) for violating European Union privacy laws concerning the processing of children's data, according to Ireland's Data Protection Commissioner (DPC), the lead regulator for many global tech companies in the EU.
The breaches occurred between July 31, 2020, and December 31, 2020, marking the first time that ByteDance-owned TikTok has faced reprimand from the DPC. The fines relate to various EU privacy laws that TikTok violated during this period.
Among the breaches, the DPC highlighted that TikTok had set the default privacy settings to "public" for users under 16 in 2020 and failed to verify whether users claiming to be parents or guardians in the "family pairing" feature were genuine.
TikTok has since introduced measures to address these issues, including stricter parental controls and changing the default setting for users under 16 to "private." The company also plans to clarify the differences between public and private accounts.
The DPC has given TikTok three months to ensure all processing activities comply with EU privacy laws.
Additionally, the DPC is conducting a separate investigation into TikTok's transfer of personal data to China and whether it adheres to EU data regulations for cross-border data transfers.
Under the EU's General Data Protection Regulation (GDPR), which came into effect in 2018, the lead regulator for a company can impose fines of up to 4% of the company's global revenue. The DPC has previously levied substantial fines against other tech giants.
As of the end of 2022, the DPC had 22 ongoing inquiries involving multinational companies based in Ireland.
TikTok has expressed disagreement with the DPC's decision, particularly the size of the fine, but noted that many of the criticisms have been addressed through changes made before the DPC's investigation began in September 2021.