In a significant move, European authorities have imposed a colossal fine of $368 million (approximately Rp 5.6 trillion) on TikTok for its violations of General Data Protection Regulation (GDPR) policies. This decision follows an investigation led by the Irish Data Protection Commission, given TikTok’s headquarters and data centers’ location in Ireland.
TikTok: Defaulting Child User Profiles to Public
One of the central findings of the investigation revolves around TikTok’s default settings for child users, specifically those aged between 13 and 17. TikTok’s default settings exposed the personal information of these users to anyone on the platform. Furthermore, videos uploaded by these users were automatically set to public, allowing unrestricted comments from anyone.
TikTok: Lack of Safeguards for Child Users
The investigation also brought to light TikTok’s failure to implement certain safeguards for child users. Notably, TikTok did not require child users to opt-in for features like Duet and Stitch, which allow other users to interact with their content. This lack of control meant that anyone could duet or stitch their videos without consent.
Pairing Child Accounts with Adult Accounts
Perhaps even more concerning was the discovery that TikTok allowed child user accounts to be paired with adult user accounts without verifying the relationship between the two. This pairing enabled direct messaging between the accounts, even though this feature should not have been available to underage users.
ICO’s Previous Fine on TikTok
TikTok had previously faced penalties for mishandling user data. Earlier in the year, the UK’s Information Commissioner’s Office (ICO) imposed a £12.7 million (approximately $15.75 million) fine on TikTok for allowing 1.4 million UK children to sign up, despite being under the age of 13.
Conclusion: Strengthening Data Protection Measures
TikTok’s failure to adhere to GDPR rules regarding the privacy and data protection of underage users has resulted in a substantial fine from European regulators. This case serves as a stark reminder of the importance of strict data protection measures, particularly when it comes to safeguarding the privacy and data of young users online.