The social media giant, TikTok, was recently fined €345 million (or $368 million) after violating GDPR laws regarding child privacy laws. The violations include two pop-ups encouraging users to make their accounts and posts public-by-default.
Whenever a child between the ages of 13-17 sign up for TikTok, they’re “nudged” to make their accounts public by clicking on a button to the right labeled “Skip.”
“(This) would then have a cascading effect on the child’s privacy on the platform, for example by making comments on video content created by children accessible,” says the European Data Protection Board (EDPB).
The second violation regards the pop-up that appears when you post a new video. Rather than presenting a way to change your video’s privacy settings while posting, you need to change your privacy settings themselves. TikTok made it difficult to manage the privacy of any individual video.
On top of that, the “Post Now” button is bolded, while cancel appears in lighter text, “nudging” children to post videos without altering its privacy settings. The EDPB conducted a thorough investigation on TikTok, also noting concerns about their age verification system, which it deemed as “easily circumvented.”
“The EDPB expressed serious doubts regarding the effectiveness of the age verification measures put in place by TikTok during this period, particularly taking into account the severity of the risks for the high number of children affected,” it said
Alongside the €345 million fine, TikTok was given three months to reform their data processing practices to fit the current laws.
“Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner – particularly if that presentation can nudge people into making decisions that violate their privacy interests,” explains Anu Talus, EDPB Chair. “Options related to privacy should be provided in an objective and neutral way, avoiding any kind of deceptive or manipulative language or design.”