TikTok has recently been fined £12.7m by the UK Information Commissioner’s Office (ICO) for multiple breaches of data protection law, including allowing over a million UK children under the age of 13 to use its platform. The platform violated its own terms of service, which prohibit children under 13 from creating accounts, and failed to obtain parental consent for the use of children’s personal data.
According to the ICO, TikTok did not adequately check who was using its platform and take sufficient action to remove the underage children that were present on it. This is a clear violation of UK data protection law, which requires organizations to obtain parental or carer consent when offering information society services to children under the age of 13.
The ICO found that TikTok breached the UK General Data Protection Regulation between May 2018 and July 2020 by providing its services to UK children under the age of 13 and processing their personal data without consent or authorization from their parents or carers. The company also failed to provide proper information to users of the platform about how their data is collected, used, and shared in a way that is easy to understand, especially for children.
Furthermore, TikTok failed to ensure that the personal data belonging to its UK users was processed lawfully, fairly, and transparently. The company received an estimated one million under-13s using its platform inappropriately, with TikTok collecting and using their personal data, which could have been used to track and profile them, potentially delivering harmful and inappropriate content at their next scroll.
The ICO has published the Children’s code, a statutory code of practice aimed at online services, such as apps, gaming platforms, and web and social media sites that are likely to be accessed by children. The code sets out 15 standards to ensure children have the best possible experience of online services.
TikTok should have known better and done better, but they didn’t. Therefore, the fine levied against them by the ICO reflects the serious impact their failures may have had.
