Watchdog says TikTok failed to get consent from parents to process the data, as required by the United Kingdom’s data protection laws.
The UK’s privacy watchdog hit TikTok with a multimillion-dollar penalty for misusing children’s data and violating other protections for young users’ personal information.
The Information Commissioner’s Office said on Tuesday that it issued a fine of 12.7 million British pounds ($15.9m) to the short-video-sharing app, which is wildly popular with young people.
It’s the latest example of tighter scrutiny that TikTok and its parent, Chinese technology company ByteDance, are facing in the West, where governments are increasingly concerned about risks that the app poses to data privacy and cybersecurity.
The British watchdog, which was investigating data breaches between May 2018 and July 2020, said TikTok allowed as many as 1.4 million children in the United Kingdom under age 13 to use the app in 2020, despite the platform’s own rules prohibiting children that young from setting up accounts.
TikTok didn’t adequately identify and remove children under 13 from the platform, the watchdog said. And even though it knew younger children were using the app, TikTok failed to get consent from their parents to process their data, as required by the UK’s data protection laws, the agency said.
“There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws,” Information Commissioner John Edwards said in a press release.
The social media company collected and used the personal data of children who were inappropriately given access to the app, he said.
“That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll,” Edwards said.
The company said it disagreed with the watchdog’s decision.
“We invest heavily to help keep under 13s off the platform and our 40,000-strong safety team works around the clock to help keep the platform safe for our community,” TikTok said in a statement.
“We will continue to review the decision and are considering next steps,” the statement added.
TIkTok says that it has improved its sign-up system since the breaches happened by no longer allowing users to simply declare they are old enough and that it is looking for other signs that an account is used by someone under 13.
The penalty also covered other breaches of UK data privacy law.
The watchdog said TikTok failed to properly inform people about how their data is collected, used and shared in an easily understandable way. Without this information, it’s unlikely that young users would be able “to make informed choices” about whether and how to use TikTok, it said.
TikTok also failed to ensure personal data of British users was processed lawfully, fairly and transparently, the regulator said.
The social media company initially faced a fine of 27 million British pounds ($33.7m), which was reduced after the company persuaded regulators to drop other charges.
US regulators in 2019 fined TikTok – previously known as Musical.ly – $5.7m in a case that involved similar allegations of unlawful collection of children’s personal information.
Also Tuesday, Australia became the latest country to ban TikTok from its government devices, with authorities from the European Union to the United States concerned that the app could share data with the Chinese government or push pro-Beijing narratives.
US lawmakers are also considering forcing a sale or even banning TikTok outright as tensions with China grow.