April 18. 2024. 12:21

The Daily

Read the World Today

UK privacy regulator fines TikTok £12.7m for children’s data violations

The UK’s data protection authority sanctioned TikTok £12.7 million for multiple data law violations, including the unlawful use of children’s personal data.

The Information Commissioner’s Office (ICO) announced the fine on Tuesday (4 April) after concluding an investigation into potential breaches by the company of the UK’s data protection regime.

The inquiry found multiple infractions by the video-sharing platform, including some related to processing data belonging to children under the age of 13. An additional charge set out in the ICO’s prior notice of intent was dropped, however, reducing the original fine from £27 million to nearly £13 million.

“There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws,” said Information Commissioner John Edwards.

“TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had,” he said.

The ICO’s investigation revealed that the UK’s version of the EU’s flagship data protection law, the GDPR, was breached in multiple ways by TikTok between May 2018 and July 2020.

Protection of children

Despite TikTok’s policy that children under the age of 13 are prohibited from creating an account on the platform, the ICO estimated that as many as 1.4 million children of this age in the UK used the platform in 2020.

Under British law, organisations using personal data when offering online services to children this young are required to obtain consent from their parents or carers.

TikTok, the ICO says, failed to do this, despite it ought to have been aware of the fact that children were using its services. The regulator concluded that the company “failed to carry out adequate checks to identify and remove underage children from its platform”.

The investigation also found that concerns over this issue were raised internally, with senior officials at the company made aware of what was happening.

Informed decisions

The ICO has also charged TikTok with failing to provide sufficient, easy-to-understand information to platform users about how their data is collected, used, and shared.

Without this, the ICO says, users, especially children, were unlikely to have been able to make informed decisions about their engagement with it.

A breach was also found in the company’s failure to ensure that the personal data of UK users was processed lawfully, fairly and transparently.

In its original notice of intent, the ICO also included a provisional finding linked to the unlawful processing of special category data, such as race, sexual orientation or religious and political beliefs.

This, however, was dropped following representations from TikTok, and the originally proposed fine of £27 million was reduced to £12.7 million.

As a result of TikTok’s violations, “an estimated one million under 13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data,” Commissioner Edwards said.

“That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.”

“TikTok is a platform for users aged 13 and over,” a TikTok spokesperson said in reaction. “We invest heavily to help keep under 13s off the platform, and our 40,000-strong safety team works around the clock to help keep the platform safe for our community.”

“While we disagree with the ICO’s decision, which relates to May 2018 – July 2020, we are pleased that the fine announced today has been reduced to under half the amount proposed last year. We will continue to review the decision and are considering next steps.”

The fine comes at a time of enhanced scrutiny of TikTok, with recent bans on its download and use on the official devices of officials introduced by several governments over concerns about its data protection standards.

European Commission bans TikTok from corporate devices

The EU executive’s IT service has asked all Commission employees to uninstall TikTok from their corporate devices, as well as the personal devices using corporate apps, citing data protection concerns.