The Irish Data Protection Commission imposed a 345 million-euro administrative fine on short-form video hosting platform TikTok for violating the European Union’s General Data Protection Regulation in processing the personal data of children.
The probe mainly focused on TikTok’s public-by-default settings and family pairing feature, as well as age verification during the registration process. The decision was finalized on Sept. 1, according to a Sept. 15 release.
The regulator found TikTok to be in breach of several of the regulation’s provisions and subsequently ordered the company to bring its processing into compliance within a period of three months from the date of its final decision.
It also looked at TikTok’s age verification measures for persons under 13 and found no infringement, but found the platform did not properly assess the risks to younger people registering on the service.
The DPC highlighted Friday in its ruling how children signing up had TikTok accounts set to public by default, meaning anyone could view or comment on their content.
The watchdog in September 2021 began examining TikTok’s compliance with GDPR in relation to platform settings and personal data processing for users aged under 18.