ICO fines TikTok £12.7 million for misusing children’s data

ICO fines TikTok £12.7 million for misusing children’s data

The Information Commissioner’s Office (ICO) has issued a £12,700,000 fine to TikTok Information Technologies UK Limited and TikTok Inc (TikTok) for a number of breaches of data protection law, including failing to use children’s personal data lawfully.

The ICO estimates that TikTok allowed up to 1.4 million UK children under 13 to use its platform in 2020, despite its own rules not allowing children that age to create an account.

UK data protection law says that organisations that use personal data when offering information society services to children under 13 must have consent from their parents or carers.

TikTok failed to do that, even though it ought to have been aware that under 13s were using its platform. TikTok also failed to carry out adequate checks to identify and remove underage children from its platform.

The ICO investigation found that a concern was raised internally with some senior employees about children under 13 using the platform and not being removed. In the ICO’s view, TikTok did not respond adequately.

John Edwards, UK Information Commissioner, said: “There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws.

“As a consequence, an estimated 1 million under 13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data. That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.

“TikTok should have known better. TikTok should have done better. Our £12.7 million fine reflects the serious impact its failures may have had. It did not do enough to check who was using its platform or take sufficient action to remove the underage children that were using it.”

Browse our latest issue

Intelligent CISO

View Magazine Archive