Ireland’s Data Protection Commission (DPC) announced a TikTok fine of about $368 million today based on how the popular social platform processes data of younger users. DPC announced in 2021 that it was investigating TikTok’s compliance with the European Union’s General Data Protection Regulation (GDPR) privacy and security laws. The investigation identified specific problems with TikTok’s default account settings, the Family Pairing settings, and its age verification process (although the age verification model did not violate GDPR, the probe found that TikTok did not sufficiently protect the privacy of children under 13 who were able to create an account).

“After consulting with the European Data Protection Board, the DPC found that TikTok set children’s accounts to public by default when they signed up on the platform,” reports The Verge. “That meant that kids’ videos were publicly viewable by default and that comments, duets, and Stitch features were also enabled by default.”

The Family Pairing feature “allows children’s accounts to be linked with a separate adult account, in theory to manage app settings like limiting screen time and restricting direct messages and content,” notes The Verge.

“The DPC found that children’s TikTok accounts could be linked to profiles that the company hadn’t verified belonged to a parent or guardian. Once linked, the child’s profile settings could be loosened by the adult user to allow DMs.”

TikTok was quick to respond today, contending that “the DPC looked at how certain privacy settings and features worked three years ago” and “most of the criticism we had addressed well before the investigation even began, such as setting all 13-15 year old accounts to private by default.”

The company “also made it easier for younger users to understand [the] privacy policy” and promises “to further strengthen protections for teenagers on TikTok.”

“Over 134 million people across Europe come to TikTok every month and our work to protect the privacy and safety of our community — and the teenagers who are part of it — has no finish line,” explains Elaine Fox, head of TikTok privacy in Europe. “Later this year, we will establish TikTok’s global Youth Council as a new forum for listening to the experiences of the teenagers who use our platform and to make changes to create the safest possible space for them.”

Earlier this year, TikTok received a $15.9 million fine by the United Kingdom “for a number of breaches of data protection law, including misusing children’s personal data,” reported CNN in April.

“There are laws in place to make sure your children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws,” said UK Information Commissioner John Edwards at the time. “TikTok should have known better. TikTok should have done better.”

Related:
TikTok Fined $370 Million for Mishandling Child Data, The New York Times, 9/15/23
TikTok Fined $368 Million for Children’s Data Privacy Violations in Europe, Axios, 9/15/23
TikTok Fined €345m for Breaking EU Data Law on Children’s Accounts, The Guardian, 9/15/23