Social media platform TikTok was fined 12.7 million pounds (U.S. $15.9 million) by the U.K. Information Commissioner’s Office (ICO) for using the personal data of children without parental consent and other violations of data protection mandates.
The ICO accused TikTok of violating the U.K. General Data Protection Regulation (GDPR), which requires companies obtain permission from parents before using the personal data of children under the age of 13.
The company did not seek parental consent before using children’s data between May 2018 and July 2020, the ICO said in a press release Tuesday.
The details: Though TikTok’s rules prohibited children from using the platform, about 1.4 million U.K. children under 13 used it in 2020, the ICO said.
TikTok should have been aware that many children were using the platform, the regulator said.
The company was further accused of failing to comply with the U.K. GDPR because it did not fully inform users in plain language about how their data was collected, used, and shared. Without that information, users “were unlikely to be able to make informed choices about whether and how to engage with [the platform],” the ICO said.
The regulator also found TikTok didn’t ensure the data it collected from users was handled lawfully, fairly, and transparently.
The ICO began its investigation of TikTok in 2019. Investigators found its employees raised concerns internally about children using the platform.
“TikTok did not respond adequately,” the ICO said.
Compliance considerations: The ICO announced in September it informed TikTok it could be fined up to £27 million (then-U.S. $29 million) for its alleged infractions. The regulator engaged with the company and cut the proposed fine total by more than half after deciding not to pursue provisional findings related to “unlawful use of special category data,” the ICO said.
“[Children’s] data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll,” stated John Edwards, U.K. information commissioner. “TikTok should have known better. TikTok should have done better. Our … fine reflects the serious impact their failures may have had.”
In March, TikTok Chief Executive Shou Zi Chew testified in front of Congress amid a renewed push in the United States to block the platform because of concerns its China-based parent company, ByteDance, could share data with Chinese authorities.
Company response: TikTok disagreed with the ICO’s decision, a company spokesperson said in an emailed statement.
“We are pleased that the fine announced today has been reduced to under half the amount proposed last year,” the spokesperson said. “We will continue to review the decision and are considering next steps.”
Adrianne Appel writes regulatory news, policy, and trends for Compliance Week. She previously reported about policy developments for Bloomberg Law and Bloomberg Government.
No comments yet