A hot potato: TikTok is finding itself in deep waters once again with more reports of privacy concerns. This time, the Irish Data Protection Commission has handed down a massive fine to the company due to the mishandling of underage accounts.
TikTok is no stranger to controversy surrounding user privacy and security. For years, it’s been well documented that TikTok’s parent company, ByteDance, is not the most reliable when it comes to keeping user data private. This behavior has led to various governments attempting to restrict, or in some cases, completely ban, the application in their respective regions. Earlier this year, Montana became the first US state to pass a vote to ban TikTok.
For a while, this was ByteDance and TikTok’s biggest concern, as the decline in active users would result in lower profits and potentially open up space to competitors in a given demographic. However, a recent punishment handed down by the Irish Data Protection Commission (DPC) may prove to be as damaging as any regional ban.
The DPC announced on Friday that it had agreed to hand out a €345 million ($368 million) fine to TikTok due to the mishandling of underage accounts. According to the investigation, TikTok violated the European Union’s GDPR (General Data Protection Regulations) by defaulting child user accounts to public, which would allow anyone to view the profile and comment on any posts from the user.
Users aged between 13 and 17 were supposedly “steered through the sign-up process in a way that resulted in their accounts being set to public” rather than ensuring they were private by default, which the GDPR requires. The investigation also found that TikTok’s “family pairing” feature, which allows parents and guardians to manage their child’s account, was not properly checking if a paired adult was actually a parent or guardian of the child.
Both of TikTok’s Duet and Stitch features were also enabled by default for underage profiles. Each of these allows multiple users to collaborate and combine their videos, which can obviously cause some privacy concerns.
This is not the first time TikTok has been fined by an EU commission; the UK’s data regulators fined TikTok for £12.7 million ($15.7 million) earlier this year. In this case, it was due to TikTok mishandling the data of users under the age of 13. The UK determined the app was not preventing those accounts from joining the app, despite TikTok’s terms of service prohibiting anyone under 13 years old from creating a profile.
A representative for TikTok responded to the fine, stating, “We respectfully disagree with the decision, particularly the level of the fine imposed. The DPC’s criticisms are focused on features and settings that were in place three years ago.” According to the statement, TikTok made changes and set all accounts between the ages of 13 and 15 to private in 2021, after the DPC had begun their investigation, which supposedly occurred during 2020.
Unfortunately, these privacy concerns appear to be a recurring problem for TikTok. Users can only hope that the fines and threats of massive bans on the application will result in ByteDance forcing serious changes to how TikTok is managed.