TikTok has been fined 345 million euro (£296 million) over its use of children’s data.
The Irish data regulator said that the app was built so that children’s accounts were public by default and that they were not properly protected from being messaged by adults.
It is just the latest major tech company to be hit with substantial fines from the country’s regulators over the way they use people’s information.
The fine was imposed on TikTok Technology Limited (TTL) by the Data Protection Commission (DPC) after the probe into how certain privacy settings and features complied with obligations under the EU’s General Data Protection Regulation.
The DPC inquiry examined age verification as part of the registration process and the processing of the personal data of children by the Chinese-owned video-sharing platform between July 31 and December 31 2020.
Tiktok said that it “respectfully disagreed” with the level of the fine imposed and stated that it related to features and settings which were in place three years ago.
The DPC adopted its final decision regarding its inquiry into TTK on September 1.
The DPC ruling described how child users progressed through the sign-up to the TikTok platform in such a manner that their accounts were set to public by default.
It said this meant that videos that were posted to child users’ account were public-by-default and comments were enabled publicly by default.
In the Family Pairing feature, the DPC said a child user’s accounts could be “paired” with an unverified non-child.
It said that that the non-child user had the power to enable direct messages for child users above the age of 16, thereby making this feature less strict for the child user.
As part of the inquiry, the DPC also examined some of TTL’s transparency obligations, including the extent of information provided to child users in relation to default settings.
The DPC has issued a reprimand as well as an order requiring TTL to bring its processing into compliance by taking specified action specified within three months and administrative fines totalling 345 million euro.
A spokesperson for TikTok said: “We respectfully disagree with the decision, particularly the level of the fine imposed.
“The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default.”
It is the latest in a series of fines handed out by the DPC in Ireland to social media giants.
Earlier this year, Facebook’s parent company Meta Ireland was fined 390 million for breaches of EU data privacy rules, one of a number of fines the DPC has imposed on the company.
In Januar,y WhatsApp was fined more than five million euro over data protection breaches and last year Instagram was fined 405 million euro over the way in which it handled teenagers’ personal data.
Earlier this year in the UK, the Information Commissioner’s Office fined TikTok £12.7 million because it “did not do enough” to make sure underage children were not using its platform and ensure that their data was used correctly.
Additional reporting by Press Association