TikTok is facing a €345 million (about $368 million) fine in Ireland. The Irish Data Protection Commission (DPC) found that the shortform video-sharing service failed to protect children who used the app. The DPC, the chief European data privacy regulator for most tech companies, has been investigating TikTok since 2021.
TikTok Technology Limited has recently filed a lawsuit against the European Data Protection Board (EDPB) at the Court of Justice of the European Union (CJEU). This legal move comes in response to the EDPB’s Binding Decision 2/2023, which resulted in a hefty €345 million fine imposed on TikTok by the Irish Data Protection Authority. In its action, TikTok is seeking to annul the decision, presenting four key pleas. Among these, the company argues that the EDPB overstepped its authority in issuing the binding decision and violated TikTok’s rights as outlined in the Charter of Fundamental Rights of the European Union. This development marks a significant turn in the ongoing debate around data protection and the powers of regulatory bodies within the EU.
The commission looked into how TikTok processes children’s data alongside concerns with how the company transfers data to China, where their owner is based. TikTok took in $9.8 billion in 2022, meaning this fine could represent a whopping 3.8% of the company’s revenue.
Prior to the investigation, TikTok showed off steps to prioritize child safety, but the DPC called those efforts too little, too late. The nine-figure fine stems from violations in the latter half of 2020, during which time they say TikTok’s signup process pushed users toward more “privacy-intrusive” settings and led to teens’ profiles being set to publicly visible by default.
On top of these issues, the “family pairing” feature designed to help parents manage their kids’ accounts actually enabled other adults to remotely turn on direct messaging for 16 and 17-year-olds.
The Irish regulator also examined how the app verifies that users are age 13 or older and found TikTok compliant in that case. The DPC gave TikTok three months to fully comply, but the company claims the bulk of the practices for which they were reprimanded have been resolved for years.
This isn’t the first time TikTok has come under fire for how children interact with their platform or even the first time the company’s been fined for violating children’s rights in this part of the world.
Most European countries fall under the General Data Protection Regulation (GDPR), a strict set of privacy rules that gives individuals extensive control over their personal data. The same regulators hit Meta with the largest GDPR fine ever—$1.2 billion—earlier this year.
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.
