UK Antitrust Regulator Could Fine TikTok £27M For Failure To Protect Children’s Privacy

TikTok is enmeshed in a new controversy as it faces a £27 million ($29 million) fine as it was found guilty by the United Kingdom’s Information Commissioner’s Office (ICO) for breaching child data protection laws for a two-year period.

The ICO averred that the breach by TikTok took place between May 2018 and July 2020, accusing the ByteDance owned company of processing data of children under the age of 13 without parental consent, adding that TikTok may have “failed to provide proper information to its users in a concise, transparent and easily understood way” and “processed special category data, without legal grounds to do so.”

The special category data the ICO was referring to is known as sensitive personal data in areas like sexual orientation, religious beliefs, ethnic and racial origin, political opinions, and genetic and biometric data.

TikTok has in recent times been subjected to increased scrutiny over its data privacy practices, and it would be recalled that antitrust enforcer, the Federal Trade Commission (FTC) in 2019 fined its parent company, ByteDance $5.7 million for violating the Children’s Online Privacy Protection Act (COPPA). 

TikTok was also enmeshed in another scandal as it was recently forced to temporarily halt a planned privacy policy switch in Europe projected to stop asking users for express consent to targeted advertising.

Also recently, a U.K. High Court judge gave the go-ahead to a class-action style lawsuit against TikTok over its purported handling of children’s data, after it was filed initially by a 12-year-old back in 2020.

With TikTok sporadic rise over the years challenging established social media sites for patronage, especially after it surpassed 1 billion active users in 2021, it has been able to attract more children to its app, as they spend nearly as much time on TikTok as they do on YouTube. This may have prompted YouTube owner, Google to invest in a service to rival the platform known as YouTube shorts.

The use of its platform by children has made TikTok have more user concerns over its data privacy practices, with the platform understandably trying to align with regulators demands on privacy and children rights protection.

TikTok had back in 2019 began the restriction of virtual gifting to teens over the age of 18, and thereafter opened a “trust and safety hub” in Europe. It also disabled direct messaging for under 16s, even as it introduced features such as “family safety mode” and screentime management.

The new revelation is coming on the heels of an earlier investigation by the ICO which was first started in 2019, with the regulator positing that it would investigate the process by which TikTok collects its private data. The ICO investigation also wanted to know if TikTok’s practices constitute a breach of the General Data Protection Regulation (GDPR), which has mandated companies to put r measures in place to protect underage users, together with addressing how the platform allows children to interact with adults.

The ICO has thus with the new hammer on TikTok issued a ‘notice of intent’ to TikTok Inc and TikTok Information Technologies UK Limited, known primarily as a legal document that outlines its findings ahead of the final decision, with TikTok given a chance to respond.

Responding to the query, a TikTok spokesperson in a statement it sent to TechCrunch said:

“This Notice of Intent, covering the period May 2018 to July 2020, is provisional and as the ICO itself has stated, no final conclusions can be drawn at this time. While we respect the ICO’s role in safeguarding privacy in the U.K., we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course.”

The ICO on its part asserted that “no conclusion should be drawn at this stage” in terms of whether there has been a breach of data protect law, or that any fine will in fact be imposed.

ICO’s Information Commissioner John Edwards,  in a statement  had said:

“We all want children to be able to learn and experience the digital world, but with proper data privacy protections. Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”