TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.
The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.
It found TikTok had contravened GDPR by placing child users’ accounts on a public setting by default; allowing public comments on those accounts; not checking whether an adult given access to a child’s account on a “family pairing” scheme was a parent or guardian; and not properly taking into account the risks posed to under-13s on the platform who were placed on a public setting.
The Irish Data Protection Commission (DPC) said users aged between 13 and 17 were steered through the sign-up process in a way that resulted in their accounts being set to public – meaning anyone can see an account’s content or comment on it – by default. It also found that the “family pairing” scheme, which gives an adult control over a child’s account settings, did not check whether the adult “paired” with the child user was a parent or guardian.
This is the best summary I could come up with:
TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.
The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.
The Duet and Stitch features, which allow users to combine their content with other TikTokers, were also enabled by default for under-17s.
TikTok said the investigation looked at the company’s privacy setup between 31 July and 31 December 2020 and said it had addressed the problems raised by the inquiry.
All existing and new TikTok accounts for 13- to 15-year-olds have been set to private – meaning only people approved by the user can view their content – by default since 2021.
This meant it had to include a proposed finding by the German regulator that the use of “dark patterns” – the term for deceptive website and app designs that steer users into certain behaviours or making particular choices – breached a GDPR provision on fair processing of personal data.
The original article contains 528 words, the summary contains 180 words. Saved 66%. I’m a bot and I’m open source!
Good Bot!