European regulators slapped TikTok with a $368 million superb on Friday for failing to guard children’s privacy, the primary time that the favored short video-sharing app has been punished for breaching Europe’s strict data privacy rules.
Ireland’s Data Protection Commission, the lead privacy regulator for Big Tech corporations whose European headquarters are largely in Dublin, said it was fining TikTok 345 million euros and reprimanding the platform for the violations dating to the second half of 2020.
The investigation found that the sign-up process for teen users resulted in settings that made their accounts public by default, allowing anyone to view and comment on their videos. Those default settings also posed a risk to children under 13 who gained access to the platform though they’re not allowed.
Also, a “family pairing” feature designed for folks to administer settings wasn’t strict enough, allowing adults to activate direct messaging for users aged 16 and 17 without their consent. And it nudged teen users into more “privacy intrusive” options when signing up and posting videos, the watchdog said.
TikTok said in an announcement that it disagrees with the choice, “particularly the extent of the superb imposed.”
The corporate identified that the regulator’s criticisms focused on features and settings dating back three years. TikTok said it had made changes well before the investigation began in September 2021, including making all accounts for teens under 16 private by default and disabling direct messaging for 13- to 15-year-olds.
“Many of the decision’s criticisms aren’t any longer relevant consequently of measures we introduced in the beginning of 2021 — several months before the investigation began,” TikTok’s head of privacy for Europe, Elaine Fox, wrote in a blog post.
The Irish regulator has been criticized for not moving fast enough in its investigations into Big Tech corporations since EU privacy laws took effect in 2018. For TikTok, German and Italian regulators disagreed with parts of a draft decision issued a 12 months ago, delaying it further.
To avoid recent bottlenecks, the Brussels headquarters of the 27-nation bloc has been given the job of enforcing recent regulations to foster digital competition and clean up social media content — rules geared toward maintaining its position as a global leader in tech regulation.
In response to initial German objections, Europe’s top panel of information regulators said TikTok nudged teen users with pop-up notices that didn’t lay out their selections in a neutral and objective way.
“Social media corporations have a responsibility to avoid presenting selections to users, especially children, in an unfair manner — particularly if that presentation can nudge people into making decisions that violate their privacy interests,” said Anu Talus, chair of the European Data Protection Board.
The Irish watchdog, meanwhile, also had examined TikTok’s measures to confirm whether users are at the very least 13 but found they didn’t break any rules.
The regulator continues to be carrying out a second investigation into whether TikTok complied with the EU’s General Data Protection Regulation when it transferred users’ personal information to China, where its owner, ByteDance, relies.
TikTok has faced accusations it poses a security risk over fears that users’ sensitive information could find yourself in China. It has launched into a project to localize European user data to deal with those concerns: opening a knowledge center in Dublin this month, which shall be the primary of three on the continent.
Data privacy regulators in Britain, which left the EU in January 2020, fined TikTok 12.7 million kilos ($15.7 million) in April for misusing children’s data and violating other protections for young users’ personal information.
Instagram, WhatsApp and their owner Meta are amongst other tech giants which were hit with big fines by the Irish regulator over the past 12 months.