A major European tech regulator has ordered TikTok to pay a €345 million ($368 million) fine after ruling that the app failed to do enough to protect children.
The Irish Data Protection Commission, which oversees TikTok’s activities in the European Union, said Friday that the company had violated the bloc’s signature privacy law.
An investigation by the DPC found that in the latter half of 2020, TikTok’s default settings didn’t do enough to protect children’s accounts. For example, it said, newly-created children’s profiles were set to public by default, meaning anybody on the internet could view them.
TikTok didn’t sufficiently disclose these privacy risks to kids and also used so-called “dark patterns” to guide users toward giving up more of their personal information, the regulator noted.
In another violation of EU privacy law, a TikTok feature designed as a parental control and known as Family Pairing did not require that an adult overseeing a child’s account be verified as the child’s actual parent or guardian, the DPC said. The lapse meant that theoretically any adult could weaken a child’s privacy safeguards, the regulator said.
TikTok introduced Family Pairing in April 2020, allowing adults to link their accounts with child accounts to manage screen time, restrict unwanted content and limit direct messaging to children.
The DPC’s decision gives the company three months to rectify its violations and includes a formal reprimand.
TikTok didn’t immediately respond to CNN’s request for comment.
But in a blog post Friday, the company said it “respectfully” disagreed with several aspects of the ruling.
“Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021,” wrote TikTok’s European privacy chief Elaine Fox.
The changes TikTok made in early 2021 included making existing and new accounts private by default for users aged 13 to 15, Fox said. She added that later this month, “we will begin rolling out a redesigned account registration flow for new 16- and 17-year-old users” that will default to private settings.
TikTok did not say Family Pairing would now be verifying an adult’s relationship to the child. But the company said the feature had been strengthened over time with new options and tools. It added that none of the regulator’s findings concluded that TikTok’s age verification measures violated EU privacy law.
In April, TikTok was also fined in the United Kingdom for a number of breaches of data protection law, including misusing children’s personal data.