Photo by Jens Kalaene/picture alliance via Getty Images
TikTok is facing a fine of as much as £25 million — 4% of its global annual turnover — for failing to protect the privacy of children.
An investigation by the UK’s Information Commissioner’s Office (ICO) has concluded that the video-sharing app may have processed the data of children younger than 13 without appropriate parental consent between May 2018 and July 2020.
It also said the Chinese-owned firm may have failed to provide proper information to its users in a concise, transparent and easily understood way, and that it may have processed special category data without legal grounds to do so.
This data includes ethnic and racial origin, political opinions, religious beliefs, sexual orientation, trade union membership, genetic and biometric data or health data.
Such processing would fall foul of the General Data Protection Regulation (GDPR), which contains strict requirements on companies processing children’s personal data.
The ICO has now issued the Chinese-owned firm with a ‘notice of intent’ about a possible fine of £25 million ($29 million). However, it notes that this decision is provisional, pending representations from TikTok.
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” says information commissioner John Edwards.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”
The ICO investigation follows a probe in the US, where the Federal Trade Commission (FTC) fined the company $5.7 million for similarly collecting personal information from children without parental consent, in violation the Children’s Online Privacy Protection Act (COPPA
PPA
TikTok was also fined by the Korea Communications Commission (KCC) for similar offenses in 2020.
“This Notice of Intent, covering the period May 2018 – July 2020, is provisional and as the ICO itself has stated, no final conclusions can be drawn at this time,” says a TikTok spokesperson.
“While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course.”
A £27 million fine would be the biggest in the ICO’s history, comfortably topping the £20 million fine imposed on British Airways two years ago for exposing the personal details of more than 400,000 customers.
Edwards says the ICO – of which he became head earlier this year – will not shy away from enforcement action in future, and is actively pursuing a number of other investigations.
“I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary,” he says.
“In addition to this, we are currently looking into how over 50 different online services are conforming with the Children’s code and have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough.”
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
