TikTok faces two official inquiries over the lack of data protection for Its minor users

15TH SEPTEMBER 2021 - Two new inquiries regarding data privacy have been launched against Chinese owned TikTok over worries that private data of minor users have been processed and transferred to China without the user’s knowledge and consent.  

These inquiries, raised by Ireland’s Data Protection Commission, the lead EU regulator for TikTok and other high profile international internet firms can charge fines of up to 4% of global revenue.  

In detail, the first probe concerns “the processing of personal data in the context of platform settings for users under age 18 and age verification measures for persons under 13”, as issued in a statement by the Data Protection Commission.      

Additionally proposed in the same statement, the second probe is aimed to examine the transfers made by TikTok of its user’s confidential data to China without consent as well as TikTok’s compliance with EU data laws regarding transferal of personal data to non-EU nations. 

Regarding the inquiries, a spokesperson for TikTok assured that thorough application of policies and controls needed to safeguard its user’s personal data were enforced, all of which are in line with EU approved methods regarding transferal of data from Europe.  

Earlier in August 2021, TikTok faced public scrutiny over lack of protection for it’s teenage and younger users from undisclosed advertising and inappropriate content. Following this, TikTok announced stricter privacy controls, stating that “the privacy and safety of the TikTok community, particularly our youngest members, is our highest priority”.  

Ireland’s data privacy watchdog has been subjected to repeated criticism in the past from other EU regulators over the lack of severity over imposed sanctions and the speed of which its inquiries are placed and processed. Additionally, private campaigners have repeatedly criticised the lack of action taken by the Irish DPC (data protection commission) in response to privacy abuses committed by US tech giants.  

Serious complaints concerning privacy abuses committed by the US tech giants Google, Facebook, Microsoft and Twitter remain 98% unresolved.  

Only earlier this month, a fine of EUR 25 million was imposed on to WhatsApp under the EU’s General Data Protection Regulation Law 2018.   

Further highlighting the inefficiency of the Irish DCP, the Spanish data protection agency which has a budget of £15.8 million proposes ten times the amount of decision drafts compared to the Irish DCP which has a budget of £19 million.  

EU officials have stated that it’s authority to force the Irish DCP to process these complaints more effectively and quickly is limited.