(London) The European Union on Friday imposed a fine of 345 million euros on the social network TikTok for violating its data protection rules (GDPR) in the processing of information concerning minors.
TikTok Technology Limited will have to pay “administrative fines totaling €345 million” and bring its operations into compliance within three months, the Irish Data Protection Commission (DPC) announced in a statement. , acting on behalf of the EU.
In September 2021, the DPC opened an investigation into this subsidiary of the Chinese giant ByteDance, very popular among young people, which today has 150 million users in the United States and 134 million in the European Union.
The relevant offenses related to the period between July 31 and December 31, 2020.
The Irish authority notes in particular in its decision that the registration of children on the platform was done in such a way that their accounts were defined as public by default.
Other issues related to the “family connection” mode, which allows you to link a parent’s TikTok account to that of their teenager. According to the decision, the company notably did not verify whether the associated user was actually the parent or guardian.
In addition, if the platform is in theory reserved for users aged at least 13, the DPC considers that TikTok did not properly take into account the risks posed to younger people who still managed to create an account.
TikTok “respectfully disagrees with the decision, in particular the level of the fine imposed”, reacted a spokesperson in a statement sent to AFP, specifying that the company “evaluates the next steps”, without decide on the possibility of appealing.
“Criticism of the DPC focuses on features and settings that were in place three years ago, and which we changed” shortly thereafter, the company argued, noting for example that all DPC accounts people under 16 are now private by default.
The company says it closely monitors the age of its users, including removing nearly 17 million accounts worldwide in the first three months of 2023 alone because they were suspected of belonging to people younger than 13 years old.
The Irish Data Protection Authority has jurisdiction to act on behalf of the EU because TikTok’s principal place of business in Europe is in Ireland.
This is not the first time that TikTok has been fined for its processing of minors’ data: the social network was fined $5.7 million in the United States in 2019, from $750,000 euros in the Netherlands in 2021 and 12.7 million pounds in the United Kingdom last April for comparable facts.
Social networks are regularly accused of having harmful effects on younger users, for example by overexposing them to the seemingly ideal lives of other people or to inappropriate advertisements.
The French Parliament voted at the end of June to require platforms like TikTok, Snapchat or Instagram to verify the age of their users and parental consent when they are under 15 years old.
Friday’s sanction comes in a context of strengthening controls and legal procedures in the European Union, but also in the United States, against tech giants, from TikTok to GAFA (Google, Amazon, Facebook and Apple).
Meta was notably fined a record €1.2 billion by the Irish regulator in May for violating European data protection rules with its social network Facebook.
Faced with mistrust from public authorities, TikTok also announced at the beginning of September that it had started hosting the data of its European users in Ireland, in order to allay fears regarding its Chinese shareholders.
