Ireland’s Data Protection Commission said in a statement that it has handed down the “administrative fine”, which is equivalent to $369 million, over the breaches it uncovered in a two-year inquiry.
The watchdog, which plays a central role in enforcing EU data rules, gave TikTok three months to make the appropriate changes.
Ireland’s DPC also play a key role in policing the bloc’s strict General Data Protection Regulations.
The watchdog in September 2021 began examining TikTok’s compliance with GDPR in relation to platform settings and personal data processing for users aged under 18.
It also looked at TikTok’s age verification measures for persons under 13 and found no infringement, but found the platform did not properly assess the risks to younger people registering on the service.
The DPC highlighted Friday in its ruling how children signing up had TikTok accounts set to public by default, meaning anyone could view or comment on their content.
It also criticised TikTok’s “family pairing” mode, which is designed to link parents’ accounts to those of their teenage offspring, but the DPC found the company did not verify parent or guardian status.
Ireland is at the centre of the GDPR regime because Dublin hosts the European headquarters of TikTok and the likes of Google, Meta and X, formerly Twitter.
TikTok, a division of Chinese tech giant ByteDance, is extremely popular among young people with 150 million users in the United States and 134 million in the European Union.
In response to Friday’s fine, TikTok said it “respectfully disagrees” with the verdict and was “evaluating” how to proceed.
“The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default,” a TikTok spokesperson told AFP.
AFP