Stricter Online Safety Rules: How Are Companies Coping in Reality?

In September 2023, TikTok received its biggest fine to date when the Irish Data Protection Commission (DPC) imposed a €345 million (£296m) fine on the company for violating child privacy. It was said that TikTok infringed Articles 5(1)(c), 5(1)(f), 24(1), 25(1), 25(2), 12(1), 13(1)(e) and 5(1)(a) of the GDPR for the following reasons:

  • Child user accounts were automatically set as “public” accounts, meaning anyone on and off TikTok could see what a child posted.

  • The “family pairing” feature allowed anyone (even if they couldn’t be verified as a parent or guardian of a child) to be connected with a child user, enabling them to send direct messages.

  • “Dark patterns” were used by TikTok, pushing users to choose privacy settings that were more intrusive.

Not long ago, we saw a huge fine of €1.2 billion (£1bn) handed to Facebook's parent company, Meta, after it was accused of mishandling people's data when transferred between Europe and the United States.

After the EU and UK implemented stricter rules and large companies like TikTok and Meta were fined millions and billions for violating rights or mishandling data, it is no surprise that many companies are concerned about also being punished for noncompliance with these strict regulations. 

The UK is in the process of enforcing the new Online Safety Bill to protect child user rights online. Putting measures in place to comply with a law like this is expected to cost medium-sized businesses around £250,000 per year, because they have to understand the new requirements, train staff, update systems, processes and privacy practices, and create strong data protection strategies.

The U.S. is also trying to level up its efforts to protect child users online, meaning companies will need to adhere to new rules within the Kids Internet Design and Safety (KIDS) Act and adopt more transparent privacy protection practices.

Furthermore, new EU rules are requiring companies to better protect the freedoms of their users through the EU Digital Services Act (DSA). It is said that noncompliance could lead to fines of 6% of a company’s turnover and potentially suspension of the service. The Commission said that the biggest companies like Alibaba, AliExpress, Amazon Store and the Apple App Store will be subject to the toughest regulations, but other smaller companies will still need to comply by the end of the year. 

It is likely that many smaller tech companies are concerned about the number of online safety rules that are being introduced by various countries and the willingness to hand out fines like the ones we have seen. 

Whilst the number of changing regulations can be daunting, it is important for businesses to begin to understand their responsibilities as soon as possible and set up plans to tackle data protection and online safety compliance, including seeking legal advice where necessary. Smaller companies can use this as an opportunity to create robust online safety systems and protocols to position themselves as reliable and reputable organisations, creating a competitive advantage against rivals.

How Can Gerrish Legal Help?

Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property. 

We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements. 

We are here to help you. Get in contact with us today for more information.
