Social media platform TikTok has been fined 12.7 million pounds (US$15.8 million) by the U.K. Information Commissioner’s Office (ICO) for breaches of data protection law, “including failing to use children’s personal data lawfully,” the ICO announced.
According to the ICO, TikTok violated the U.K. General Data Protection Regulation (UK GDPR) between May 2018 and July 2020 by:
- Providing its services to U.K. children under the age of 13 and processing their personal data without consent or authorization from their parents or guardians;
- Failing to provide proper information to those using the platform about how their data is collected, used, and shared in an easy-to-understand format; and
- Failing to ensure that the personal data belonging to its U.K. users was processed lawfully, fairly, and in a transparent manner.
Consequently, according to the ICO, TikTok allowed up to 1.4 million U.K. children under the age 13 to use its platform in 2020. “TikTok also failed to carry out adequate checks to identify and remove underage children from its platform,” the ICO stated.
According to the ICO investigation, senior employees had raised concerns internally about children under 13 using the platform, but “TikTok did not respond adequately,” the ICO said.
U.K. Information Commissioner John Edwards said in a statement, “There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws.”
“TikTok should have known better. TikTok should have done better,” Edwards added. “Our £12.7 million fine reflects the serious impact their failures may have had. They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform.”
The original ICO notice of intent for TikTok set the fine at £27 million. However, the ICO said it “decided not to pursue the provisional finding related to the unlawful use of special category data,” taking into consideration TikTok’s representations. Thus, “this potential infringement was not included in the final amount of the fine set at £12.7 million,” the ICO said.
U.S. Scrutiny
Across the pond, TikTok is also facing significant scrutiny in the United States. On March 23, TikTok CEO Shou Chew was grilled at a hearing before the U.S. House Energy and Commerce Committee over concerns that, at a high level, TikTok’s business practices pose threats to both national and personal security.
During the hearing, Chew fielded five hours of tough questions and criticisms regarding TikTok’s targeting of children, as well as privacy-related concerns about TikTok’s ability—or lack thereof—to protect user data, especially concerning its ownership by Chinese company, ByteDance.
“TikTok collects nearly every data point imaginable, from people’s location, to what they type and copy, who they talk to, biometric data, and more. Even if they’ve never been on TikTok, your trackers are embedded in sites across the web,” House Energy and Commerce Committee Chair Cathy McMorris Rodgers said in opening remarks. “TikTok surveils us all, and the Chinese Communist Party (CCP) is able to use this as a tool to manipulate America as a whole.”
Throughout the hearing, Chew repeatedly denied any threats posed by the Chinese government. The outcome of an outright ban of TikTok in the United States remains open to debate. 
Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.