In a landmark decision, the Irish Data Protection Commission (DPC) has issued a staggering €345 million fine against social media giant TikTok for severe breaches of child privacy procedures.This fine marks the largest penalty ever imposed on TikTok by any regulatory body.
The DPC's investigation, which focused on TikTok's practices in 2020, revealed alarming lapses in the handling of children's data, particularly concerning age verification and privacy settings.
Under the stringent privacy laws of the European Union (EU), specifically the General Data Protection Regulation (GDPR), the DPC found that TikTok had failed to be adequately transparent with its young users regarding privacy settings and the processing of their personal information.
TikTok, owned by the Chinese firm Bytedance, has expressed its disagreement with the decision, especially the magnitude of the fine imposed.
The company defended its position, stating, "The criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began."
TikTok emphasised that it has taken significant steps to enhance privacy measures, such as making accounts for children up to the age of 15 private by default, with plans to extend this to 16 and 17-year-olds in the near future.
This hefty fine adds to a growing list of penalties imposed on tech giants for mishandling user data. Earlier this year, TikTok was fined £12.7 million in the United Kingdom for allowing children under the age of 13 to use the platform in 2020.
Furthermore, Meta, the parent company of Facebook, faced a monumental €1.2 billion fine in May for unauthorized data transfers from Europe to the United States.
European regulators are also intensifying their investigation into TikTok's alleged illegal data transfers from the EU to China, further escalating the company's legal challenges on the continent.
This substantial fine sends a strong message to tech companies that the EU is unwavering in its commitment to safeguarding the privacy and data rights of its citizens, particularly its younger users.
It underscores the global trend of regulators taking increasingly stringent actions against companies found in violation of data protection regulations, ensuring that privacy remains a top priority in the digital age.