(Worldsfeed Tech Desk) The UK Information Commissioner’s Office (ICO) has imposed a £12.7 million ($15 million) fine on TikTok for a number of data protection breaches. These included failing to lawfully use children’s personal data and allowing under-13s to use the platform. TikTok had, in fact, allowed up to 1.4 million UK children under the age of 13 to use its platform in 2020, despite its own rules not allowing such use.
The ban on TikTok was brought in by the UK government last month, amid security concerns surrounding the Chinese-owned social media app. The move brought the UK in line with the US, Canada, the European Union (EU) and also India, which has banned TikTok entirely from the country.
Organisations that use personal data when offering information services to children under 13 are required to have consent from their parents or carers under UK data protection law. John Edwards, UK Information Commissioner, said: “TikTok should have known better. TikTok should have done better. Our £12.7 million fine reflects the serious impact their failures may have had. They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform.”
TikTok said that it is reviewing the decision and its next steps. According to Edwards, under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data. Their data may have been used to track and profile them, potentially delivering “harmful, inappropriate content at their very next scroll”. TikTok is also accused of failing to carry out adequate checks to identify and remove underage children from its platform.
The ICO investigation found that a concern was raised internally with some senior employees about children under 13 using the platform and not being removed. In the ICO’s view, TikTok did not respond adequately. The ICO found that TikTok breached the UK General Data Protection Regulation (UK GDPR) between May 2018 and July 2020 by providing its services to UK children under the age of 13 and processing their personal data without consent or authorisation from their parents or carers. It also breached UK laws by failing to provide proper information to people using the platform about how their data is collected, used, and shared in a way that is easy to understand.
Users of the platform, particularly children, were unlikely to be able to make informed choices about whether and how to engage with it, as a result of TikTok’s failure to provide information about data collection, usage and sharing.
A TikTok spokesperson told the BBC that its “40,000-strong safety team works around the clock to help keep the platform safe for our community”. “While we disagree with the ICO’s decision, which relates to May 2018 – July 2020, we are pleased that the fine announced today has been reduced to under half the amount proposed last year. We will continue to review the decision and are considering the next steps,” the spokesperson said.
The ICO had previously issued the Chinese social media firm with a “notice of intent”, or a precursor to handing down a potential fine, warning TikTok could face a £27 million fine for its breaches. The ICO said that after taking into consideration the representations from TikTok, it had decided not to pursue the provisional finding related to the unlawful use of special category data.
The ruling follows recent high-profile moves by regulators worldwide to clamp down on social media companies that breach data protection regulations. Social media companies face increasing scrutiny as the potential impact of data misuse on individuals and society becomes better understood.