TikTok Hit with Staggering €345 Million Penalty for Child Data Violations in E.U.

The Irish Data Protection Commission (DPC) has fined TikTok a hefty €345 million (around $368 million) for breaching the European Union’s General Data Protection Regulation (GDPR) concerning the handling of children’s data.

The investigation, initiated in September 2021, focused on TikTok’s handling of personal data for users aged 13 to 17 between July 31 and December 31, 2020. Key findings included:

• Child users’ content was automatically set to public, exposing them to risks.
• Lack of transparent information provided to child users.
• The use of manipulative design elements during registration and video posting.
• A flaw in the Family Sharing setting that allowed non-verified adults to link with minors’ accounts, potentially enabling direct messaging to users above 16.

Aside from the financial penalty, TikTok must align its data processing practices with regulations within three months.

TikTok responded by disagreeing with the decision, highlighting that the criticized features have been updated since then, setting all under-16 accounts to private by default. It’s uncertain if TikTok intends to appeal.

The company also plans to introduce a redesigned registration process for 16 and 17-year-old users, opting for private accounts. TikTok boasts approximately 134 million monthly users in the E.U.

Notably, TikTok previously faced a €5 million fine in January 2023 from the French data protection authority for breaching cookie consent rules and complicating opt-out procedures, for more similar news

This news follows Google’s recent $93 million settlement with California’s Attorney General for allegedly collecting users’ location data without proper consent, violating consumer protection laws, According to The Hacker News