TikTok could face a $29m fine for failing to protect children’s privacy when they’re using the platform.
The UK’s Information Commissioner’s Office (ICO) found that the video-sharing platform may have processed under-13s’ data without their consent.
The breach occurred over more than two years, until July 2020, according to the watchdog, but no final conclusions have been reached.
TikTok says it disagrees with the findings, calling them “provisional.”
The ICO has issued a “notice of intent” to TikTok Inc and TikTok Information Technologies UK Limited, a legal document that precedes a potential fine.
The notice outlines the ICO’s preliminary conclusion that TikTok violated UK data protection law between May 2018 and July 2020.
The ICO investigation found the social platform may have:
- processed the data of children under the age of 13 without appropriate parental consent
- failed to provide proper information to its users in a concise, transparent, and easily understood way
- processed special category data, without legal grounds to do so
According to Ofcom, 44% of eight to 12-year-olds in the UK use TikTok, despite the platform’s policies prohibiting under-13s from using it.
Information Commissioner John Edwards said: “We all want children to be able to learn and experience the digital world, but with proper data privacy protections.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”
TikTok has implemented a number of privacy and safety features, such as allowing parents to link their accounts to their children’s accounts and disabling direct messaging for under-16s.
But Mr. Edwards continued: “I’ve been clear that our work to better protect children online involves working with organizations, but will also involve enforcement action where necessary.
“In addition to this, we are currently looking into how over 50 different online services are conforming with the Children’s Code, and have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough.”
The Federal Trade Commission fined the company a record $5.7 million in 2019 for mishandling children’s data.
South Korea has also fined it for similar reasons.
The US Senate Commerce Committee voted in July to approve a bill that would raise the age at which children are granted special online privacy protections to 16, as well as prohibit targeted advertising to children without their consent.