Ireland's Data Protection Commission (DPC), Europe's lead privacy regulator for Big Tech companies, said in a statement that the Chinese-owned short-video platform breached a number of European Union data privacy laws.
The investigation found that the sign-up process for teen users aged 13-17 resulted in settings that made their account profiles "public" by default – allowing anyone to view, comment on their videos and contact the minor user.
With over 134 million monthly users in the European Union (EU), the Information Commissioner's Office (ICO) noted that children's data may have been used to track and profile them because of those default settings – increasing the risk of potential harmful and dangerous content being displayed on their accounts.
In addition, a "family pairing" feature designed for parents to manage settings wasn't strict enough. (Related: TikTok becoming a platform for child sexual exploitation.)
TikTok does not verify whether a user is actually a child's parent or guardian. The platform also allowed adults to turn on direct messaging for users aged 16 and 17 without the consent of their parents or guardians and nudged teen users into more "privacy intrusive" options when signing up and posting videos.
The European Consumer Organization Deputy Director-General Ursula Pachl said she hopes the fine serves as a "wake-up call" for social media platforms and that this decision triggers change at the company to truly address issues, which not only concern minors but adults as well.
Pachl stated that the U.K. imposed a $15.9 million fine on the platform for similarly failing to protect the privacy of children by reportedly allowing over 1.4 million children under 13 in 2020 alone to access the TikTok platform even though they're not allowed to use the app.
The DPC gave TikTok three months to bring all its processing where infringements were found into compliance. It has a second probe open into the transferring by TikTok of personal data to China and whether it complies with EU data law when moving personal data to countries outside the bloc. In March, the DPC said it was preparing a preliminary draft decision into that investigation.
Under the EU's General Data Protection Regulation (GDPR), which was introduced in 2018, the lead regulator for any given company can impose fines of up to four percent of the company's global revenue.
The DPC has hit other tech giants with big fines, including a combined 2.5 billion euros ($2.66 billion) levied on Meta Platforms.
Meanwhile, TikTok said in a statement that it disagrees with the decision, "particularly the level of the fine imposed."
Tiktok's head of privacy in Europe Elaine Fox published a blog post detailing how the platform has updated its policies even before the EU's investigation began in September 2021.
"Most of the decision's criticisms are no longer relevant as a result of measures we introduced at the start of 2021 – several months before the investigation began," Fox wrote in a blog post.
TikTok made all accounts for users aged 13 to 15 private by default in January 2021, Fox said. The platform plans to further update its privacy materials to make the differences between public and private accounts clearer.
It will also roll out later this month a "redesigned registration flow" for new users aged 16 to 17 that will be "pre-selected" for a private account when they register for the app, Fox said.
On the "family pairing" feature, TikTok added tougher parental controls in November 2020 and changed the default setting for all registered users under the age of 16 to "private" in January 2021.
A TikTok spokesperson told BBC that "our 40,000-strong safety team works around the clock to help keep the platform safe for our community."
"While we disagree with ICO's decision, which relates to May 2018-July 2020, we will continue to review the decision and are considering next steps," the spokesperson added.
Visit BigTech.news for more concerns about social media and other online platforms.
Watch this video that talk about TikTok getting hit with massive $367 million fine for mishandling children's data.
This video is from the Daily Videos channel on Brighteon.com.