European Authorities Fine TikTok for Children’s Privacy Breach


September 15, 2023

European oversight bodies have imposed a significant fine of $368 million on TikTok for not adequately safeguarding the privacy of its underage users, marking the first time the popular video-sharing platform faced repercussions under Europe’s stringent data privacy regulations.

Scrutiny revealed that teens joining the platform were automatically assigned public accounts, so anyone could see and comment on their content. This configuration inadvertently risked the exposure of children below 13, an age group not permitted on the platform.

Additionally, a feature named “family pairing,” which aimed to give parents better control, had loopholes. It permitted adults to enable direct messaging for 16- and 17-year-olds without obtaining their consent. The commission also observed that the platform pushed younger users towards settings with lower privacy when they registered and uploaded content.

Countering this, TikTok expressed its disagreement, especially with the substantial amount of the fine. The firm highlighted that many of the issues the commission identified pertained to functionalities and configurations from three years ago. According to TikTok, corrective measures were already implemented before the inquiry started in September 2021. For instance, TikTok had preset accounts of under-16 users to private and had turned off direct messaging for those aged 13 to 15.

“Many concerns raised in the decision have already been addressed with the solutions we rolled out at 2021’s beginning, months before this investigation was initiated,” stated Elaine Fox, TikTok’s European Privacy Chief, in a blog update.

To ensure smoother processes, the Brussels headquarters of the 27-country European Union has now been tasked with enforcing new rules. These rules aim to enhance online competition and refine online content, further solidifying Europe’s standing as a foremost player in tech regulation.

There has been speculation about TikTok’s potential security risks, given fears that European user data might end up in China. In response, TikTok has initiated efforts to house European user data locally, announcing a new data facility in Dublin, the first of three planned for Europe.

In a parallel move, the UK’s data protection entities, functioning independently since Brexit in January 2020, imposed a fine of 12.7 million pounds (around $15.7 million) on TikTok earlier this year in April. The penalty was for mishandling minors’ data and other lapses concerning safeguarding young users’ private information.

Other major tech firms, including Instagram, WhatsApp, and their parent company, Meta, have also been on the receiving end of substantial fines. Specifically, in the last year, they faced penalties from the Irish regulatory body over various breaches.

In light of these events, it becomes clear that tech giants are under increasing scrutiny in Europe, emphasizing the importance of user data protection, especially when it concerns minors. 

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
