Irish watchdog fines TikTok $367.7 million for child user data violations

Doug Cunningham
·2 min read
The Irish Data Protection Commission on Friday fined TikTok $367.7 million for violating EU child user data law. File Photo by John Angelillo/UPI
The Irish Data Protection Commission on Friday fined TikTok $367.7 million for violating EU child user data law. File Photo by John Angelillo/UPI

Sept. 15 (UPI) -- The Irish Data Protection Commission on Friday fined TikTok $367.7 million for violations of the European Union's child data regulations.

The Irish watchdog said in a statement that the Chinese-owned social media platform failed through various methods to protect data from underage users from adults.

The DPC said profile settings were set public by default for users between the ages of 13 and 17, allowing anyone was able to view the content they posted whether they had a TikTok account or not.

The 'Family Pairing' setting also allowed adult users not verified as parents or guardians to pair their accounts to child user accounts, enabling direct messaging from adults to child users older than 16.

Additionally, the watchdog said TikTok failed to provide sufficient transparency information to child users and "implemented 'dark patterns' by nudging users toward choosing more privacy-intrusive options during the registration process, and when posting videos."

TikTok has faced widespread scrutiny over its data with CEO Shou Zi Chew testifying before Congress on the issue in March. File Photo by Bonnie Cash/UPI
TikTok has faced widespread scrutiny over its data with CEO Shou Zi Chew testifying before Congress on the issue in March. File Photo by Bonnie Cash/UPI

It added that all of practices posed possible risks to children, including those under 13 who gained access to TikTok.

In response, the DPC issued a reprimand to TikTok and ordered the platform to bring its data processing into compliance with EU regulations within three months.

The administrative fines were for violations of the EU's General Data Protection Regulation, which governs how personal data is processed and transferred. The GDPR is the strongest privacy and security law in the world, according ot the EU.

That law defines individual fundamental digital rights as well as the obligations of a company's processing data. It includes compliance methods and sanctions for violations.

Britain fined TikTok $16 million in April for unlawful use of data of children younger than 13.

TikTok opened a new $400 million data center in Ireland earlier this month and began migrating European data to that facility, the first of three such facilities planned for the EU in an effort to build a specially reinforced environment for data of the approximately 150 million European TikTok users.

The U.S. government, the European Commission, Britain and Canada have all banned the app on government devices amid concerns over TikTok's Chinese ownership.

Montana became the first state to ban TikTok entirely, effective Jan. 1. TikTok sued the state in May, alleging the ban is unconstitutional.