Irish Data Protection Commissioner Hits TikTok with €345 Million Fine Over Children’s Data Privacy Violations

The Irish Data Protection Commissioner (DPC), the leading regulator in the EU, has imposed a €345 million fine on TikTok, the Chinese-owned short-video platform, for privacy law violations related to the handling of children’s data in Europe. The DPC cited TikTok’s inadequate handling of children’s data as the basis for the hefty fine.

The violations occurred between July 31, 2020, and December 31, 2020. During this period, TikTok allegedly failed to properly verify whether a user was the actual parent or guardian of a child user when using the “family pairing” feature. Furthermore, accounts for users under the age of 16 were set to “public” by default.

While TikTok introduced stricter parental controls for family pairing in November 2020 and changed the default setting for all registered users under 16 to “private” in January 2021, a separate investigation into TikTok concerning the transfer of personal data to China and compliance with EU data regulations is still ongoing.

This fine comes six months after TikTok’s CEO, Shou Zi Chew, appeared before the U.S. Congress to address concerns and scrutiny over allegations that Chinese engineers had access to U.S. data, leading to calls for a U.S. ban on the platform.

Amidst increased scrutiny by international regulatory bodies, TikTok recently announced the launch of TikTok Shop in the United States. This move represents TikTok’s foray into fintech and aims to enable users not only to discover products but also to make purchases directly through the platform. The integration introduces shoppable videos and live streams to users’ feeds, facilitating connections between brands, creators, and engaged customers.