This Friday, the European Union imposed a fine of 345 million euros on the social network TikTok for having violated its data protection regulations (GDPR) in the processing of information related to minors.
TikTok Technology Limited will have to pay “administrative fines totaling €345 million” and bring its operations into compliance within three months, the Irish Data Protection Commission (DPC) announced in a press release, on behalf of of the EU.
The DPC opened an investigation in September 2021 into this subsidiary of the Chinese giant ByteDance, very popular among young people, which today has 150 million users in the United States and 134 million in the European Union.
The crimes in question refer to the period between July 31 and December 31, 2020.
The Irish authority points out in its decision that the registration of the children on the platform was carried out in such a way that their accounts were defined as public by default.
It also identifies other problems such as those related to the “family connection” mode, which allows a parent's TikTok account to be linked to that of their teenager. According to the DPC, the company did not verify whether the associated user was actually the parent or guardian.
Furthermore, although the platform is theoretically reserved for users of at least 13 years of age, the DPC considers that TikTok did not properly take into account the risks faced by young people who still manage to create an account.
TikTok "respectfully disagrees with the decision, in particular the level of the fine imposed," a spokesperson reacted in a statement sent to the AFP agency, specifying that the company "evaluates the next steps", without deciding on the possibility of appealing.
"The DPC's criticism focuses on functionalities and parameters that were in force three years ago and that we modified" shortly after, the company argued, pointing out, for example, that all accounts of people under 16 years of age are now private by default. .
The company claims to closely monitor the age of its users and, in particular, indicates that it deleted nearly 17 million accounts worldwide in the first three months of 2023 alone because they were suspected of belonging to people under 13 years of age.
The Irish Data Protection Authority has jurisdiction to act on behalf of the EU because TikTok's main place of business in Europe is in Ireland.
This is not the first time that TikTok has been fined for its processing of minors' data. He received a fine of 5.7 million dollars in the United States in 2019, 750,000 euros in the Netherlands in 2021 and 12.7 million pounds in the United Kingdom last April.
Social media is regularly accused of having detrimental effects on younger users, for example by overexposing them to other people's seemingly ideal lives or to inappropriate advertising.
The French Parliament voted at the end of June to require platforms such as TikTok, Snapchat or Instagram to verify the age of their users and parental consent when they are under 15 years old.
This sanction today occurs in a context of strengthening legal controls and procedures in the European Union, but also in the United States, against technology giants, from TikTok to GAFA (Google, Amazon, Facebook and Apple).
Meta received a record fine of 1.2 billion euros from the Irish regulator in May for violating European data protection rules with its social network Facebook.
Faced with distrust from public authorities, TikTok also announced in early September that it had begun hosting the data of its European users in Ireland, to allay the fears of its Chinese shareholders.