em360tech image

TikTok has been hit with a £12.7 million fine after an investigation conducted by the UK's Information Commissioner’s Office (ICO) found it had failed to protect the privacy of children.

The ICO said the video-sharing app had breached multiple UK data protection laws after it allowed up to 1.4 million children under 13 to use its platform between May 2018 and July 2020 despite its own rules not allowing children that age to create an account. 

The fine is one of the largest fines the regulator has ever issued, but it is still half of what it threatened last year in its "notice of intent" – a precursor to handing down a potential fine. 

UK data protection law does not have a strict ban on children using the internet but requires organisations that use the personal data of children to obtain consent from a parent or carer. 

"There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by that law said Information Commissioner John Edwards said in a statement. 

"As a consequence, an estimated one million under 13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data. That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.”

"TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had. They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform.” Edwards added. 

The ICO’s investigation found that concern was raised internally but that TikTok did not respond “adequately” to avoid the penalty. 

In a statement, a TikTok spokesperson said: “TikTok is a platform for users aged 13 and over. We invest heavily to help keep under-13s off the platform and our 40,000-strong safety team works around the clock to help keep the platform safe for our community.

“While we disagree with the ICO’s decision, which relates to May 2018 to July 2020, we are pleased that the fine announced today has been reduced to under half the amount proposed last year. We will continue to review the decision and are considering next steps.”

Time is running out for TikTok

The fine arrives a day after Australia announced it would ban TikTok from government devices, joining the US, Canada, New Zealand, Norway, the EU and the UK in enforcing a partial ban on the Chinese-owned app. 

Over 70 per cent of US teenagers use TikTok every day, but the app has come under increasing scrutiny from lawmakers around the world, who question the app’s handling of user data, privacy and security practices, and measures to safeguard the safety of its users. 

Others are concerned that the video-sharing app, which is owned by Chinese firm ByteDance,  may share US data with Beijing as per Chinese legislation that requires all firms to help the communist party upon request. 

Last week, TikTok CEO Shou Zi Chew appeared before Congress to defend TikTok’s data security policies, assuring lawmakers TikTok would not share any data with Beijing, even upon request despite being Chinese owned. 

“I understand that there are concerns stemming from the inaccurate belief that TikTok’s corporate structure makes it beholden to the Chinese government or that it shares information about U.S. users with the Chinese government,” Chew said in his opening statements. “This is emphatically untrue.”

Despite Chew's efforts to defend TikTok, however, a forced sale to another US firm or an outright ban of the app seems to be the only two options in the eyes of US lawmakers. 

“Your platform should be banned,” Chair Cathy McMorris-Rodgers (R-WA) said in response to Chew’s open statements. “I expect today you’ll say anything to avoid this outcome.”

“TikTok is a weapon by the Chinese Communist Party to spy on you, manipulate what you see and exploit for future generations,” McMorris Rodgers added. 

The ICO’s hefty fine on TikTok is yet another blunder for a company already facing scrutiny from governments around the world. TikTok’s future remains uncertain, but an outright ban of the app looks closer than ever before

“Be transparent or face fines”

TikTok joins several other tech companies facing hefty penalties due to their failure to protect their users’ personal data. 

In December, Meta was hit with a €265 million fine by the Irish Data Protection Commission after the personal data of more than half a billion users was found on a hacking site.

To read more about data security, visit our dedicated Data Management Page. 

Experts note in both Meta and TikTok’s cases it was a lack of transparency about how the handling of users' personal data led to their penalties. 

“TikTok's fine from the ICO illustrates why organisations must be transparent with their data protection practices,” said Chris Linnell, Principal Data Privacy Consultant at Bridewell. 

“One of the main aims of Data Protection legislation is to give us more control over how our personal data is being used. Transparency is crucial when it comes to providing this control. Individuals have a right to understand how their data will be collected, used, and shared.” 

“This is to empower them to make informed choices about whether and how they choose to engage with applications like those provided by TikTok,” Linnell added.