The Irish Data Protection Commission (DPC) has fined TikTok €345 million fine over mishandling children’s data on its platform.

The DPC’s inquiry reached its conclusion having examined a period between 31 July 2020 and 31 December 2020 to determine the extent to which the video sharing platform, owned by the Chinese company ByteDance, complied with its obligations under the General Data Protection Regulation (GDPR) in relation to its processing of personal data relating to child users.

The investigation centred on various settings on TikTok, such as public-by-default settings and those associated with the platform’s ‘Family Pairing’ feature, and age verification as part of the user registration process.

In its final decision, the DPC said TikTok infringed on several articles outlined in the GDPR.
It said the articles TikTok infringed on included setting accounts for users under the age of 16 to "public" by default with the regulator stating that TikTok did not verify whether a user was actually a child user's parent or guardian when linked through the "family pairing" feature.

Along with the fine, the DPC has given TikTok three months to “bring its processing into compliance with the GDPR” regarding the articles it is determined to have breached.

A spokesperson for TikTok said the company "respectfully disagrees with the decision" and particularly at the level of the fine imposed.

"The DPC's criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default," they said.

Share Story: