TikTok faces a €345 million fine for child privacy violations in Ireland.
Irish regulators have imposed a €345 million ($401 million) fine on TikTok for breaching children’s privacy regulations. The violation relates to the platform’s handling of children’s data in 2020, specifically concerning age verification and privacy settings.
This fine represents the largest penalty TikTok has received from regulatory authorities to date. The Irish Data Protection Commission (DPC) issued the fine under the European Union’s General Data Protection Regulation (GDPR), which establishes data handling rules for companies.
The DPC’s investigation found that TikTok had not been sufficiently transparent with children regarding its privacy settings and raised concerns about how their data was processed. Accounts created by users aged between 13 and 17 were set to public by default upon registration, exposing their posted content to anyone, which was deemed a violation of GDPR’s data protection by design and by default requirements.
The platform now has three months to ensure its data processing practices fully comply with GDPR regulations. The DPC’s decision was welcomed by Prof. Sonia Livingstone, who specialises in children’s digital rights at the London School of Economics and Political Science, who emphasised that children have the right to participate in the digital world without exploitation or manipulation and that platforms should treat their data fairly and transparently.
TikTok’s fine, although in the hundreds of millions, is smaller than other recent penalties imposed on tech companies. For example, Meta (formerly Facebook) received a €1.2 billion ($1.4 billion) fine from regulators in May for mishandling data transfers between Europe and the United States. However, it is significantly larger than the £12.7 million ($17.4 million) fine TikTok received from the UK’s data watchdog in April for allowing children under 13 to use the platform in 2020. The DPC’s fine specifically pertains to 2020, and TikTok took various measures in subsequent years to enhance compliance, such as making accounts for 13- to 15-year-olds private by default in January 2021 and planning to set 16- and 17-year-olds’ accounts to private by default in the future.