TikTok faces $29M fine in UK for 'failing to protect children's privacy'


TikTok is facing a £27 million ($29 million) fine after the U.K.'s Information Commissioner's Office (ICO) provisionally found that the company breached child data protection laws for a two year period.

The alleged breach happened from May 2018 through July 2020, with the ICO noting that the company "may have" processed data of children under the age of 13 without parental consent. Additionally, it said the company may have "failed to provide proper information to its users in a concise, transparent and easily understood way" and "processed special category data, without legal grounds to do so."

Special category data refers to sensitive personal data in areas such as sexual orientation, religious beliefs, ethnic and racial origin, political opinions, and genetic and biometric data.

The ByteDance-owned video social network has fallen under increasing scrutiny over its data privacy practices. The U.S. Federal Trade Commission (FTC) fined ByteDance $5.7 million back in 2019 for violating the Children's Online Privacy Protection Act (COPPA), while more recently TikTok was forced to pause a planned privacy policy switch in Europe that would have meant that it would stop asking users for consent to targeted advertising. Sandwiched in between all that, a U.K. High Court judge recently greenlighted a class-action style lawsuit against TikTok over its handling of children's data, after it was filed initially by a 12-year-old back in 2020.


TikTok's global rise over the past few years has been remarkable, giving incumbents such as Facebook a run for their money. Indeed, TikTok surpassed 1 billion active users last year, and children in particular are spending nearly as much time on TikTok as they are on YouTube in some markets, leading Google to invest heavily in a rival service called YouTube Shorts.

In response to growing concerns over its data privacy practices, TikTok has tried to placate regulators somewhat. Back in 2019, it started restricting virtual gifting to those over the age of 18, before opening a "trust and safety hub" in Europe. Elsewhere, TikTok has disabled direct messaging for under 16s, and introduced features such as "family safety mode" and screentime management.

Today's revelation stems from an investigation the U.K. ICO first initiated back in 2019, as the regulatory body revealed that it would be looking into how TikTok collects private data. More specifically, the investigation sought to discover whether its practices constitute a breach of the General Data Protection Regulation (GDPR), which requires companies to put robust measures in place to protect underage users, including addressing how the platform allows children to interact with adults.

While today's announcements is not final, it serves as a clear indication that the U.K.'s investigations have unearthed enough to warrant a potentially hefty fine. The ICO has issued a 'notice of intent' to TikTok Inc and TikTok Information Technologies UK Limited, which is basically a legal document that outlines its findings ahead of the final decision, giving TikTok a chance to respond.

"This Notice of Intent, covering the period May 2018 to July 2020, is provisional and as the ICO itself has stated, no final conclusions can be drawn at this time," A TikTok spokesperson said in a statement issued to TechCrunch. "While we respect the ICO's role in safeguarding privacy in the U.K., we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course."

The ICO was also quick to stress that "no conclusion should be drawn at this stage" in terms of whether there has been a breach of data protect law, or that any fine will in fact be imposed.

"We all want children to be able to learn and experience the digital world, but with proper data privacy protections," Information Commissioner John Edwards said in a statement. "Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement."

Under current laws, the U.K. has the power to fine companies that contravene U.K. GDPR or the Data Protection Act up to £17.5 million ($19 million) or 4% of their global turnover. In TikTok's case, it reportedly raked in around $4 billion last year, though this figure is set to triple in 2022 -- so a $29 million fine could be construed as a drop in the ocean.


More Related News

FBI's Wray Says US Still Discussing Terms of TikTok Security Agreement

(Bloomberg) -- FBI Director Christopher Wray said US officials are still discussing how to address national-security concerns posed by TikTok, in comments...

RSV and flu: US children
RSV and flu: US children's hospitals stretched by respiratory viruses

More than three quarters of paediatric hospital beds were full in November, health officials say.

China orders TikTok and Tencent to suppress criticism as protests mount
China orders TikTok and Tencent to suppress criticism as protests mount

China's internet censorship commission has reportedly ordered social media companies TikTok and Tencent to crack down on posts criticising its government as ...

Gastonia Police plan to take children Christmas shopping
Gastonia Police plan to take children Christmas shopping
  • US
  • 2022-12-01 12:09:24Z

The Gastonia Police Foundation is seeking monetary donations for gift cards that will be given to children for holiday shopping, according to the police...

South Dakota Gov. Kristi Noem issues executive order blocking TikTok from state devices
South Dakota Gov. Kristi Noem issues executive order blocking TikTok from state devices

South Dakota Gov. Kristi Noem signed an order blocking the download of TikTok, a popular Chinese-owned social media platform, on state devices.

Leave a Comment

Your email address will not be published. Required fields are marked with *

Cancel reply


Top News: Economy