September 15, 2023 will only be a day in the offices of ByteDance will remember with great pleasure in the future, and not because of a drastic drop in traffic on TikTok. The social platform is still the most popular at the moment, but it is the cause of the very high prices fine of 345 million euros inflicted by Data Protection Commission (DPC) irlandese for the violation – between July and December 2020 – of the privacy rules of users aged between 13 and 17.
TikTok: hit by almost 350 million euros for violating some articles of the GDPR
The investigation began in September 2021 and the outcome of the investigation has now been announced. According to the Irish authority, TikTok has violated 8 articles of the GDPR.
Smaller user profiles, for example, were automatically set to “public visibility,” thus making all content published visible to anyone, even outside the platform. Function too “Family Pairing” proved problematic, as it allowed adult users who were unable to verify their parent or guardian status to link their accounts to those of minors aged 16 or older.
ByteDance’s social platform is then accused of not providing for younger users adequate information on transparencypreventing them from fully understanding how the social network’s data processing works.
Another rather worrying factor that emerged during the investigations concerns the way in which TikTok, during the process of recording and publishing a video, almost deceptively pushes users to select options that, on balance, may compromise their privacy.
The Irish DPC against ByteDance’s social network
Ireland’s data privacy regulator has imposed a €345 million administrative fine on TikTok, citing violations that emerged during the investigation. The DPC also issued an official reprimand and required TikTok to align with regulatory standards within a maximum of three months.
«Privacy options should be provided in an objective and neutral manner, avoiding any type of deceptive or manipulative language. With this decision, the European Data Protection Board makes it clear once again that digital operators must be particularly attentive and take all necessary measures to safeguard the data protection rights of children», said Anu Talus, president of the EDPB.