Britain’s privacy watchdog, the Information Commissioner’s Office (ICO), has fined TikTok £12.7 million for misusing children’s personal data. The ICO bases the fine on several breaches of British privacy law:
- First, more than one million UK children use TikTok while below the age of 13. This violates TikTok’s own terms of service.
- In addition, TikTok processes the personal data of children under 13 without parental consent (which is required).
- TikTok did not do enough to check who was using TikTok and did not take sufficient action to remove children under 13 from the platform.
- Moreover, TikTok failed to provide proper information to users in an easily understandable way about how their data is collected, used and shared.
- TikTok failed to ensure that its UK users’ personal data was processed lawfully, fairly and transparently.
The violations on which the ICO bases its fine were also previously flagged by the Take Back Your Privacy Foundation (TBYP). These allegations are part of the collective action brought by TBYP, with the support of the Consumentenbond, against TikTok on behalf of children in the Netherlands. It is a positive development that these privacy violations have now been identified and fined by the ICO.
Signing up for TBYP’s collective action against TikTok is still possible via this link.