European Union regulators have imposed a hefty €345 million fine (equivalent to $369 million) on the Chinese-owned social media giant TikTok for breaching child data protection rules. Ireland’s Data Protection Commission (DPC) revealed this punitive action after a two-year investigation into the platform’s practices. The probe, initiated in September 2021, examined TikTok’s compliance with the EU’s General Data Protection Regulations (GDPR), with a focus on platform settings and personal data processing for users under 18. While TikTok’s age verification measures for those under 13 were deemed compliant, the DPC found that the platform failed to adequately assess risks for younger users registering on the service.

The DPC’s investigation unveiled that children signing up for TikTok had their accounts set to public by default, exposing their content to anyone, and raised concerns about the platform’s ‘family pairing’ mode, which links parents’ accounts with their teenage children’s. TikTok, a popular platform with over 150 million users in the United States and 134 million in the European Union, contested the fine, stating that the DPC’s criticisms pertained to features and settings from three years ago, many of which have since been modified. The DPC’s rigorous enforcement underscores its role in upholding the EU’s stringent data protection regulations, and this significant penalty serves as a stern reminder to tech companies operating within the region to prioritize user privacy and data security, particularly when it comes to younger users.