The Dutch Data Protection Authority (DPA) on Thursday imposed a €750,000 (U.S. $883,000) fine on TikTok for violating the privacy of young children following a wide-scale investigation launched last year.

The data regulator took aim at TikTok for providing its privacy policies in English rather than Dutch, which meant children were more likely to sign up to the service without fully understanding how the app collects, processes, and uses personal data or the implications of sharing personal data on social media.

The DPA deemed such a violation of the General Data Protection Regulation’s (GDPR) provisions on clear and legible descriptions of data collection practices.

TikTok—a social media firm where people share video files—is one of the most popular apps in The Netherlands with around 3.5 million users, many of them children. Under Dutch law and the GDPR, children are treated as an especially vulnerable category.

TikTok has lodged an objection to the fine.

In October, the Dutch DPA sent TikTok the findings from its investigation. The company then implemented a number of changes to make its app safer for children under the age of 16.

For example, parents now have more control over their child’s account by having the ability to manage their child’s privacy settings through their own account and the app’s “family pairing” feature.

However, while welcoming the changes TikTok has made, the DPA has raised concerns children can still pretend to be older by simply filling in a different age when creating their account.

The Dutch DPA is not the first authority to criticize the company for its weak age verification checks. In 2019, TikTok (then called Musical.ly) received a $5.7 million fine from the U.S. Federal Trade Commission for similar failings and was ordered to implement stronger age verification measures.

At the time the Dutch DPA launched its investigation in May 2020, TikTok did not have a European headquarters, which meant any data regulator in the region could take action on behalf of complaints from its citizens. TikTok has since set up its operations in Ireland, which means the Irish Data Protection Commission must now complete the investigation into other possible privacy violations.

Neil Hodge is a freelance business journalist and photographer based in Nottingham, United Kingdom. He writes on insurance and risk management, corporate governance, internal audit, compliance, and legal issues.

Topics