The short-video-sharing app is accused of breaching data privacy norms in the European Union.
On September 14, 2021, Ireland’s Data Protection Commission (DPC) launched an investigation into Bytedance-owned TikTok, the popular video sharing app. This investigation comes as TikTok is already facing backlash regarding data privacy concerns. To know more about the app’s highs and lows in 2020, check out this article.
Ireland is TikTok’s lead regulator in the European Union (EU). The inquiries are in line with section 110 of the Data Protection Act of 2018. If found guilty, the company can face hefty fines amounting to 4% of TikTok’s global revenue.
The nature of this investigation is two-fold.
Prioritizing the privacy of children on the app
Firstly, the investigation would focus on the app’s processing of “personal data… for users under age 18, and age verification measures for persons under 13”. It will also look at whether TikTok is transparent about how it processes such data.
The watchdog is looking into the app’s processing of children’s personal data. It will also probe whether TikTok is in line with EU laws about transferring personal data to other countries, such as China.
The General Data Protection Regulation (GDPR) law in the EU has limits on how kids’ information should be processed. There’s an age cap on the ability of children to consent to their data being processed and used. For some countries, the age limit is 13 years old, while for others, it is set at 16.
In response to this, the TikTok spokesperson said, “The privacy and safety of the TikTok community, particularly our youngest members, is our highest priority.”
These include making their accounts private by default, and not sending them push notifications at night. It will also limit their exposure to certain features, like dueting and stitching in which users interact with each other. The app also deleted seven million accounts belonging to users who were under 13 years old. They are not allowed on the platform at all. TikTok followed that up in July by deleting millions of accounts which it said belonged to under-13s.
Sharing user data with third-party countries
The second investigation focuses on “transfers by TikTok of personal data to China”, the statement noted. It will aim at finding out whether the app complies with the GDPR requirements for transfer of data to third-parties.
TikTok has often come under fire for allegedly sharing data with Chinese companies and even the government. On July 7, 2020, the U.S. Secretary of State Mike Pompeo warned that TikTok puts “your private information in the hands of the Chinese Communist Party.”
However, TikTok has repeatedly denied these claims. In an interview to CNBC, it said, “We have never provided user data to the Chinese government, nor would we do so if asked.” In addition to that, a study by research group Citizen Lab also concluded that there is no overt evidence that TikTok shares data with the Chinese government.
The consequences of this investigation
The DPC can impose fines of up to 4% of the global revenue of a company. Earlier this September, they fined Facebook over US$250 million over data privacy breaches by the social media app.
Header Image by Flickr