Irish regulators have imposed a €345 million fine on TikTok for violations related to children’s privacy, marking the largest fine the social media platform has faced from regulators.
The complaint, which dates back to 2020, focused on how TikTok managed children’s data, including age verification and privacy settings.
TikTok has expressed disagreement with the decision, emphasizing that many of the criticized features and settings had been updated years before the investigation began, including setting all accounts for users under 16 to private by default.
TikTok faces GDPR fine for privacy violations
The fine was issued by Ireland’s Data Protection Commission (DPC) under the EU’s General Data Protection Regulation (GDPR) privacy law.
The DPC found that TikTok had not been transparent enough with children regarding its privacy settings and how their data was processed.
TikTok has been given three months to ensure full compliance with GDPR. An ongoing investigation is also examining whether TikTok has unlawfully transferred data from the EU to China.
Despite the substantial fine, it is smaller than some recent penalties, such as Meta’s €1.2 billion fine for data mishandling.
However, it exceeds the £12.7 million fine TikTok received from the UK data watchdog in April for allowing underage children to use the platform in 2020.
The fine specifically relates to actions taken in 2020, with TikTok subsequently implementing measures to enhance compliance, including setting accounts for 13 to 15-year-olds to private by default in January 2021 and extending this to 16 and 17-year-olds in the future.