The Irish Data Protection Commission, an independent authority that enforces personal data protection, ordered TikTok to pay $368 million
(€345 million) for mishandling children’s personal data.
The Commission opened two separate investigations to determine whether TikTok complies with General Data Protection Regulation (GDPR). The hefty fine is based on its 2021 investigation that examined TikTok’s public-by-default settings, “Family Pairing” tool, and age verification process. The second investigation, which is ongoing, examines whether TikTok’s Beijing-based parent company, ByteDance, has unlawfully transferred TikTok users’ data
from the EU to China.
The privacy watchdog’s first investigation found that TikTok failed to protect minor users (aged 13 to 17) from unnecessary data processing, and its data collection practices weren’t transparent. The minimum age for a person to create a TikTok account is 13, but the Commission found that TikTok processed data on individuals under 13 who attempted to create accounts as part of its age verification process.
The investigation also showed that TikTok violated the GDPR in 2020 with so-called “dark patterns” that manipulated users into taking certain actions on the app.
In the first quarter of 2023, TikTok removed 17 million accounts
from its platform due to suspicions that the users were under 13. Around that time, TikTok took down 91 million videos for violating its rules. More than a quarter of these videos also violated its minor safety rules.
This is TikTok’s largest fine by regulators to date but is not the first one related to mishandling children’s data. Earlier this year, the social media platform was reprimanded with a $16 million fine for breaking children’s data protection laws in the UK
. Other similar penalties include 2021’s $1 million fine by the Dutch authorities and 2019’s $5.7 million settlement with the Federal Trade Commission.
In addition to the high fine, TikTok must make its data processing practices compliant by the end of the year. The EU also launched a stricter set of rules known as the Digital Services and Digital Market Acts
that went into effect on August 25 for tech companies with 45+ million users, which includes TikTok.
If TikTok fails to comply with these regulations, it could face fines of up to 6% of its global annual revenue, which translates to billions of dollars given that its parent ByteDance made $80 billion in revenue in 2022.