TikTok has been fined €345m (£296m) for breaching privacy laws over the processing of children’s personal data, an EU regulator has said.
The investigation by Ireland‘s data protection commission found the Chinese-owned video app‘s default settings made teenagers’ accounts publicly viewable by default.
It said this also posed a risk to children under 13 who signed up, even though they’re meant to be barred.
And the app’s “family pairing” feature, which allows adults to manage the settings of their child’s account, wasn’t stringent enough.
Teen users were nudged towards more “privacy intrusive” options when signing up and posting videos, it added.
TikTok has hit back against the commission’s findings, which are similar to those made by the UK data watchdog earlier this year that led to a £12.7m fine.
TikTok argued it had already made relevant changes by the time the Irish investigation began in September 2021, including making all accounts owned by under-16s private by default.
Elaine Fox, TikTok’s head of privacy for Europe, said most of the regulator’s criticisms “are no longer relevant”.
Regulator’s record of big tech fines
The data protection commission has effectively become the EU’s privacy watchdog as many global tech giants, including Facebook and Instagram owner Meta, run their European operations from Ireland.
It has been criticised in the past for moving too slowly with its investigations and subsequent fines.
Earlier this year, the Irish commission issued a record €1.2bn (£1bn) penalty to American-owned Meta for transferring European user data to the US for processing.
Before that, it had fined the company €390m (£343m) for forcing users to agree to personalised adverts.
It has also fined WhatsApp, another Meta firm, €225m (£193m) for breaking other data-sharing regulations.
Read more:
Why TikTok’s data lust is far from unique
Please use Chrome browser for a more accessible video player
3:30
Why is TikTok getting banned?
TikTok’s bid to combat privacy concerns
Friday’s fine against TikTok comes as it seeks to combat privacy concerns among European politicians, chiefly by launching its first local data centre in Dublin.
Until now, all user data was kept on servers in the US and Singapore.
Ireland will also host a second such hub, which is under construction, and another is being built in Norway.
Those suspicious of TikTok have suggested user information could be shared with the Chinese government, however the company has said it would not do so and that Beijing’s laws do not extend to data held abroad.