On Monday, September 26th, the UK issued a warning to TikTok, claiming the short-form video platform may have violated children’s privacy. This came after an investigation conducted by the UK’s Information Commissioner’s Office (ICO) found TikTok may have breached data protection law between May 2018 and July 2020.
As a result, the ICO issued a legal document, called a “Notice of Intent,” to TikTok, stating the platform could be hit with a hefty $29 million fine. The maximum fine the ICO can impose would be based on a calculation of 4% of TikTok’s global annual turnover. If imposed, such a penalty would be the largest ever issued by the authority, besting the $26 million fine they gave British Airways in 2020following a large-scale data breach.
The accusations against TikTok are startling. The document released by the ICOsaid TikTok may have processed the data of children under 13 without appropriate parental consent and processed “special category data” without legal grounds to do so. The commissioner said “special category data” included ethnic and racial origin, political opinions, religious beliefs and sexual orientation. It also said TikTok may have failed to provide transparent, easily understood information to its users. Such processing would fall foul of the General Data Protection Regulation (GDPR), which contains strict requirements on companies processing children’s personal data.
TikTok, which is owned by the Chinese company ByteDance, disagrees with the investigation’s findings. “While we respect the ICO’s role in safeguarding privacy in the U.K., we disagree with the preliminary views expressed and intend to formally respond to the ICO,” said a statement released by TikTok.
John Edwards, Information Commissioner, said the body’s provisional viewwas that TikTok “fell short” of providing proper data privacy protections. He added, “We all want children to be able to learn and experience the digital world, but with proper data privacy protections.” Edwards then went on to reinforce the seriousness of the situation saying, “I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary,” he says. The body did, however, state that its findings are not final and that it will consider any representations from TikTok before making a final decision.
Yet, this is not the first time TikTok has fallen under such scrutiny. The ICO investigation follows a probe in the US, where the Federal Trade Commission (FTC) fined the company $5.7 million for similarly collecting personal information from children without parental consent, in violation of the Children’s Online Privacy Protection Act (COPPA). In July, an Australian-US cybersecurity firm published a report that found TikTok collected “excessive” amounts of information from its users. And going back a little bit further, TikTok was fined by the Korea Communications Commission (KCC) for similar offenses in 2020.
The ICO is also currently looking into how over 50 different online services are conforming with the UK’s Children’s code. Edwards revealed the organization has “six ongoing investigations looking into companies providing digital services who haven’t, in [their] initial view, taken their responsibilities around child safety seriously enough.” This stance should serve as a warning to other platforms and online services that these privacy issues are being taken seriously. The UK and other countries around the world are not afraid to crackdown.
Image by <a href=”https://www.freepik.com/free-photo/child-with-social-media-addiction_26527528.htm#query=child%20on%20social%20media&position=34&from_view=search”>Freepik</a>