TikTok might face a £27 million fine following an ICO investigation that discovered the company may have violated UK data protection law by failing to protect children’s privacy when using the TikTok platform.
A “notice of intent,” which is a legal document that comes before a possible fine, has been given by the ICO to TikTok Inc. and TikTok Information Technologies UK Limited (collectively, “TikTok”).
The notice outlines the ICO’s preliminary conclusion that between May 2018 and July 2020, TikTok violated UK data protection law.
🗣 John Edwards, the information commissioner, stated:
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections. Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.
“I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary. In addition to this, we are currently looking into how over 50 different online services are conforming with the Children’s code and have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough.”
📌 According to the ICO investigation, TikTok might have:
- handled underage children’s data without getting proper parental authorization;
- failed to give users accurate information in a clear, transparent, and understandable manner; and
- processed special category data without a valid legal justification.
The conclusions in the notice made by the Commissioner are preliminary.
At this point, it should not be assumed that there has been a data protection legislation violation or that a fine has been issued.
Before making a decision on this case, the ICO is going to evaluate any response TikTok may make carefully.