TikTok's failure to keep kids off the app has landed it in hot water with Britain's Information Commissioner's Office (ICO), which slapped the company with a £12.7 million ($15.8 million) fine for violating its data protection law.
TikTok allegedly allowed up to 1.4 million UK children under 13 to use its platform in 2020, which violates the General Data Protection Regulation (GDPR). Much like its rivals, TikTok also bans pre-teens from creating accounts, but it's pretty easy to get around age checks.
"There are laws in place to make sure our children are as safe in the digital world as they are in the physical world," says UK Information Commissioner John Edwards says. "TikTok did not abide by those laws. As a consequence, an estimated 1 million under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data.
"That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll," he adds.
Between May 2018 and July 2020, according to the ICO, TikTok breached the GDPR by providing services to children under 13 and processing personal data without adult consent; failing to provide proper information about how data is collected, used, and shared; and failing to ensure personal data belonging to UK users was processed lawfully, fairly, and transparently.
"TikTok should have known better. TikTok should have done better," Edwards says. "Our £12.7 million fine reflects the serious impact their failures may have had. They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform."
TikTok actually dodged a monetary bullet, considering the original fine was set at £27 million ($33.7 million). The regulator, however, declined to pursue a provisional finding related to "unlawful use of special category data," cutting the penalty by more than half.