TikTok has been fined £12.7million for a number of data protection law breaches, including failing to use children’s personal data lawfully, the Information Commissioner’s Office (ICO) said.
The ICO said more than one million children under 13 were using TikTok in 2020, despite its terms of use not allowing that.
It added that personal data belonging to those children was used without parental consent and that the company did not do enough to check who was using the social media app and take enough action to remove the underage children that were.
TikTok had faced a fine of £27million, but the final total was reduced to £12.7million.
Ryan Gracey, partner and data privacy expert at law firm Gordons, said: ‘This fine may be well below what the ICO initially threatened, but it is still a significant penalty and one of the largest ever given by the ICO.’
Information commissioner John Edwards said TikTok had failed to abide by laws to make sure children are as safe in the digital world ‘as they are in the physical world’.
He said: ‘As a consequence, an estimated one million under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data. That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.
Information commissioner John Edwards said TikTok had failed to abide by laws to make sure children are as safe in the digital world ‘as they are in the physical world’.
He said: ‘As a consequence, an estimated one million under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data. That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.
‘TikTok should have known better. TikTok should have done better. Our £12.7million fine reflects the serious impact their failures may have had.’
Children’s data may have been used to track and profile them, potentially presenting them with harmful or inappropriate content, he added.
A TikTok spokesperson said the company disagreed with the ICO’s decision but was pleased the fine had been reduced from the possible £27million set out by the ICO last year.
‘We invest heavily to help keep under-13s off the platform and our 40,000 strong safety team works around the clock to help keep the platform safe for our community,’ the spokesperson said.
‘We will continue to review the decision and are considering next steps.’
TikTok’s Terms of Service state that users must be at least 13 years old to sign up for an account and have full access to the platform, in compliance with the U.S’s Children’s Online Privacy Protection Act.
Commenting on the fine, data privacy expert Mr. Gracey added: ‘It’s another acute reminder that technology companies must take steps to protect personal data, especially the data of children online.
‘In particular, businesses need to be aware of the ICO’s statutory code of practice known as the Children’s Code which sets out a series of standards they expect businesses to follow when designing and building online services which may be used by children.
‘The standards include using clear language in ‘bite-size’ chunks for children to tell them what they are doing with the user’s personal data, being open about the risks and safeguards involved, and letting the user know what to do if they are unhappy.’
The ICO’s fine follows moves by Western governments and institutions in recent weeks, including Britain, to bar usage of TikTok on official devices over security concerns.