TikTok is Fined £12.7 Million for Misusing Children’s Data
The UK’s data protection regulator has fined TikTok £12.7 million for breaching data laws by failing to protect and misusing children’s information. The popular video app was fined by the Information Commissioner’s Office (ICO) for allowing over 1 million children under 13 to set up an account and access content on the site contrary to its own terms of service and despite the minimum age for using the site being 13.
An investigation by the ICO found that TikTok failed to carry out adequate checks to identify any accounts that belonged to children under 13. It suspected that TikTok was probably aware of the problem as concerns had been raised internally within the company. The issue was that adequate enquiries were not made to identify users, meaning children’s data may have been used to profile and track them. As a result, child users could have been presented with inappropriate or harmful content putting them at risk of being targeted.
In the UK it is a breach of Article 8 of the GDPR to fail to obtain parental consent before allowing children to use online apps and webpages such as TikTok. It is the responsibility of such tech companies to ensure that it knows who their users are and to prevent children from being exposed to things that could harm them online.
TikTok also breached Articles 12 and 13 of the GDPR which cover the failure to provide users with information pertaining to how their data would be collected, used, or shared in a way that was easy to understand. In addition, they breached Article 5 due to the failure to process the information of users in the UK in a lawful, transparent, and fair manner.
Key Takeaways
The ICO fine sends a strong message to other tech companies that they have a duty of care to ensure that their products and services are not being marketed to underage users without parental consent. This extends to companies that use apps such as TikTok to market their products to ensure their advertising spend is not helping fund the exploitation of children’s data.
“TikTok not only breached GDPR laws, it also contravened its own terms of service, possibly with the aim of achieving growth at all costs. In doing so, the company collected and misused the data of minors leaving the ICO no choice but to enact one of the largest fines of its type in the UK.”
Charlotte Gerrish of Gerrish Legal
The main question that this case raises is to what extent should companies be monitoring their systems to prevent under-aged users from accessing them. The ICO has published a children's code that details what companies should be doing to protect children online. The ICO states that the level of certainty a company needs to be sure that a user isn’t a child is dependent on the risk associated with the data processing. Therefore, the higher the risk to the child, the more reassurance the company needs. Companies could ask for self-declarations, or use third-party age verification services or artificial intelligence to identify users.
How Can Gerrish Legal Help?
Gerrish Legal is a dynamic digital law firm. We pride ourselves on giving high-quality and expert legal advice to our valued clients. We specialise in many aspects of digital law such as GDPR, data privacy, digital and technology law, commercial law, and intellectual property.
We give companies the support they need to successfully and confidently run their businesses whilst complying with legal regulations without the burdens of keeping up with ever-changing digital requirements.
We are here to help you, get in contact with us today for more information.