EU Fines TikTok $368M Over Children’s Privacy Rights

The Guardian reports:

TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view. The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

It found TikTok had contravened GDPR by placing child users’ accounts on a public setting by default; failing to supply transparent information to child users; allowing an adult accessing a child’s account on the “family pairing” setting to enable direct messaging for over-16s; and not properly taking into account the risks posed to under-13s on the platform who were placed on a public setting.

Forbes reports:

The body found that TikTok violated several parts of GDPR in 2020, including articles pertaining to the processing of young users’ data and to so-called “dark patterns,” design decisions that deceive or manipulate users into taking certain actions in an app. In addition to the hefty fines in the hundreds of millions, the commission is requiring TikTok to make its data processing compliant by the end of the year.

This all but concludes one of two major investigations that the regulator in Ireland, home to TikTok’s European headquarters, has launched into the company and whether it has complied with GDPR. The other probe is examining whether TikTok—owned by Beijing-based parent ByteDance—has unlawfully transferred European users’ personal data from the EU to China, and whether it was sufficiently transparent with users about how it was handling their information.

The GDPR (General Data Protection Regulation) was approved a part of the European Union’s Charter of Fundamental Rights in 2018.