European regulator, the Data Protection Commission (DPC), has fined TikTok $370m for violating laws on handling children’s personal data in the EU.

The DPC, which is headquartered in Ireland, found that, between July 2020 and December 2020, the Chinese-owned video platform infringed on several EU privacy laws.

The DPC’s investigation found that profile settings for child user accounts were set to public by default, meaning anyone could view content posted by a child user.

TikTok altered the default setting for child users to ‘private’ in January 2021.

The family pairing setting allowed an adult user (who could not be verified as the parent or guardian) to pair their account to a child user’s account, allowing direct messaging.

TikTok also implemented ‘dark patterns’ by nudging users to choose more privacy-intrusive options during registration.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The DPC has issued an order for TikTok to bring its processing into compliance within three months.

In a statement on Friday, TikTok said it had plans to improve its privacy policies: “Later this month, we will begin rolling out a redesigned account registration flow for new 16 and 17-year-old users that will be pre-selected to a ‘private account’.”

The company also noted that it disagreed with the ruling, and the size of the fine: “We respectfully disagree with several aspects of the decision, particularly the level of the fine.”

TikTok is facing a second probe by the DPC into whether data is being improperly sent to China which would breach the EU’s GDPR regulation and could result in a maximum fine of 4% of the company’s global revenue.

Earlier this month, a new report from Which? claimed that Ezviz-branded smart cameras and doorbells are collecting massive amounts of personal data and sending it to third parties including TikTok’s marketing unit, Google, Meta and Huawei, among others.

TikTok has also faced many bans owing to national security concerns and its ownership by the Chinese company ByteDance.

As of June 2023, federal and state employees in 34 states are barred from accessing the app on government devices.

In May 2023, Montana became the first state to ban TikTok on all personal devices, though this will not take effect until January 1, 2024, and is currently being challenged in court.