TikTok, the video-sharing social-media app that’s faced a global backlash over its links to China, was fined €345 million ($368 million) in the European Union for alleged lapses in the way it cares for children’s personal data.
The Irish Data Protection Commission found TikTok failed to protect minors against unnecessary data processing and didn’t act in a transparent manner, according to a decision made public on Friday.
The agency, which oversees the company because it’s EU base is in Dublin, gave TikTok a three-month ultimatum to bring its data processing in line with the bloc’s strict General Data Protection Regulation, GDPR.
The fine follows intense scrutiny of child safeguarding practices at the company, best known for viral dance challenges and owned by China’s ByteDance Ltd. TikTok, which has more than 1 billion users worldwide, continues to face potential bans and earlier this month was added to a list of tech firms that have six months to comply strict new digital markets rules in the EU.
“We respectfully disagree with the decision, particularly the level of the fine imposed,” TikTok said in a statement. It said the Irish authority’s “criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default.”
In addition to the scrutiny in the EU, US lawmakers have proposed multiple bills that could block the app. In the EU and the US, the company has established plans to wall off data on local servers and enlist domestic partners to oversee its data-access controls.
The Irish watchdog is the regulator for dozens of big technology companies. It opened two probes into TikTok in 2021, saying it was concerned that young users’ data wasn’t sufficiently protected and that it wanted to probe the risks of some TikTok user data being accessed by “maintenance and AI engineers in China.”
Last year, it fined Meta Platforms Inc.’s Instagram €405 million, for improperly handling children’s personal data.