TikTok Faces €345 Million Fine For Violating Child Data Processing Laws

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

The social media giant, TikTok, was recently fined €345 million (or $368 million) after violating GDPR laws regarding child privacy laws. The violations include two pop-ups encouraging users to make their accounts and posts public-by-default.

Whenever a child between the ages of 13-17 sign up for TikTok, they’re “nudged” to make their accounts public by clicking on a button to the right labeled “Skip.”

“(This) would then have a cascading effect on the child’s privacy on the platform, for example by making comments on video content created by children accessible,” says the European Data Protection Board (EDPB).

The second violation regards the pop-up that appears when you post a new video. Rather than presenting a way to change your video’s privacy settings while posting, you need to change your privacy settings themselves. TikTok made it difficult to manage the privacy of any individual video.

On top of that, the “Post Now” button is bolded, while cancel appears in lighter text, “nudging” children to post videos without altering its privacy settings. The EDPB conducted a thorough investigation on TikTok, also noting concerns about their age verification system, which it deemed as “easily circumvented.”

“The EDPB expressed serious doubts regarding the effectiveness of the age verification measures put in place by TikTok during this period, particularly taking into account the severity of the risks for the high number of children affected,” it said

Alongside the €345 million fine, TikTok was given three months to reform their data processing practices to fit the current laws.

“Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner – particularly if that presentation can nudge people into making decisions that violate their privacy interests,” explains Anu Talus, EDPB Chair. “Options related to privacy should be provided in an objective and neutral way, avoiding any kind of deceptive or manipulative language or design.”

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."