TikTok is hit with $368 million fine under Europe's strict data privacy rules

LONDON (AP) — European regulators have imposed a substantial $368 million fine on TikTok, marking the first instance of this popular short video-sharing app facing consequences for violating Europe's stringent data privacy regulations.

The lead privacy regulator for major tech companies in Dublin, Ireland's Data Protection Commission, has fined TikTok 345 million euros and reprimanded the platform for these violations, which date back to the latter half of 2020.

The investigation uncovered that the sign-up process for teenage users automatically set their accounts to public by default, allowing unrestricted access and comments on their videos. These default settings posed a particular risk to children under 13 who managed to access the platform despite age restrictions.

Furthermore, a "family pairing" feature, intended for parental control, lacked sufficient restrictions, permitting adults to enable direct messaging for users aged 16 and 17 without their consent. Additionally, it pushed teenage users toward more privacy-invasive options during registration and video posting, as noted by the regulatory body.

TikTok has expressed its disagreement with the regulatory decision, particularly with the magnitude of the fine imposed. The company emphasized that many of the criticisms pertained to features and settings from three years ago. TikTok highlighted that it had already implemented significant changes before the investigation began in September 2021, including defaulting to private accounts for users under 16 and disabling direct messaging for 13- to 15-year-olds.

Elaine Fox, TikTok's head of privacy for Europe, noted in a blog post that most of the criticisms in the decision are no longer applicable due to measures enacted at the start of 2021, well ahead of the investigation.

The Irish regulator has faced criticism for perceived delays in investigating Big Tech companies since the implementation of EU privacy laws in 2018. Disagreements with German and Italian regulators further delayed the decision regarding TikTok.

To streamline regulatory efforts, the European Union's Brussels headquarters has taken on the responsibility of enforcing new regulations aimed at promoting digital competition and improving social media content standards, reaffirming the EU's role as a global leader in tech regulation.

Regarding age verification, the Irish watchdog found no violations by TikTok.

Additionally, the regulator is conducting a separate investigation to determine whether TikTok complied with the EU's General Data Protection Regulation when transferring users' personal data to China, where its parent company, ByteDance, is based.

TikTok has faced security concerns regarding the potential risk of users' sensitive information being sent to China. To address these concerns, TikTok has initiated a project to localize European user data, including the recent opening of a data center in Dublin, the first of three planned on the continent.

Notably, Instagram, WhatsApp, and their parent company, Meta, have also been subject to substantial fines by the Irish regulator over the past year.