Ireland’s privacy watchdog, the Data Protection Commission (DPC), is fining TikTok €345 million for violating children’s privacy during a period of five months in 2020 (see DPC press release). TikTok must also end the established violations within three months. The DPC bases the fine on several GDPR violations:
- Videos of children were public by default on TikTok and thus visible to everyone (not just friends or other TikTok users);
- In addition, the ‘family pairing’ setting, which is supposed to give parents more control over their children’s TikTok account, was set incorrectly. This also allowed other adults to pair their account to the child’s account, enabling e.g. online grooming;
- Children received unclear and insufficiently transparent information about their account settings;
- TikTok implemented so-called ‘dark patterns’ to nudge children into choosing privacy-intrusive settings.
The Take Back Your Privacy Foundation (TBYP) also bases its collective action against TikTok on behalf of children in the Netherlands on, among other things, the privacy violations identified by the DPC (see a summary of TBYP’s action against TikTok here). TBYP considers it a positive development that these privacy violations have now been identified and fined by the DPC.
You can still sign up for TBYP’s collective action against TikTok via this link.