Ireland Fined TikTok €345 Million

Irish Data Protection Commission (DPC) imposed administrative fines totaling €345 million on TikTok. The company has failed to comply with GDPR in handling children’s information.

The DPC explained an investigation commenced in 2021 found TikTok had breached multiple privacy laws between July 2020 and December 2020 for failing to protect data belonging to child users. The watchdog pointed to the settings that made children’s accounts publicly accessible by default, exposing the content posted to users and non-users of the platform.

Other infringements include a family pairing feature that can connect children’s accounts with adults who had not been verified as a parent or guardian and flaws in the age verification system. Furthermore, the DPC explained a Supervisory Authority in Berlin called for the inclusion of an additional finding of infringement of GDPR fairness principles relating to so-called dark patterns which nudge users towards choosing more privacy-intrusive options during sign-up and when posting videos. TikTok has three months to bring its processing into compliance.

In response to the decision, TikTok argued that most of the decision’s criticisms are no longer relevant as a result of measures they introduced at the start of 2021, several months before the investigation began. “We respectfully disagree with several aspects of the decision, particularly the level of the fine, and we want to provide some important context while we evaluate next steps,” the company said in a statement.