TikTok faces GDPR probe over children’s data and China transfers
The Irish data commissioner has launched investigations into TikTok over its handling of children’s data and alleged transfer of user information to China, marking the latest regulatory concerns over the popular video app.
Ireland’s Data Protection Commission, which oversees the enforcement of the EU’s General Data Protection Regulation in the country, announced on Tuesday that it would examine the company’s processing of personal data for under 18-year-olds, including the company’s age-verification measures for under-13s.
A second inquiry will examine TikTok’s alleged transfers of personal data to China.
Companies can be fined up to 4 per cent of annual global revenues, or €20m, for GDPR breaches. ByteDance reported annual revenues of $34.3bn in 2020, an increase of 111 per cent from the previous year. TikTok is in the process of opening an EU headquarters in Dublin.
“We’ve implemented extensive policies and controls to safeguard user data and rely on approved methods for data being transferred from Europe, such as standard contractual clause,” the company said, adding that it would co-operate with the Irish regulator.
Joe Biden’s administration is reviewing former president Donald Trump’s efforts to ban the app as a threat to national security amid wider fears that Chinese companies could share American citizens’ data with Beijing for espionage purposes.
TikTok has said it does not share American user data with the Chinese government. ByteDance held talks last year with several companies, including Microsoft and Oracle, over a potential sale of its US operations in an effort to resolve its tensions with Washington.
Separately, TikTok has been sued for several billion pounds for allegedly illegally collecting the personal information of millions of children in the UK and Europe. The claim, which is backed by Anne Longfield, the former children’s commissioner of England, argues that children’s data was collected without sufficient consent — which for underage users would need to be given by an adult — or transparency.
TikTok denied the claims, arguing that it had “robust policies” in place to “protect all users, and our teenage users in particular”.
The app has also faced child privacy complaints in the US. ByteDance was fined $5.7m in 2019 by the Federal Trade Commission for illegally collecting children’s data.
In July, TikTok was fined €750,000 by the Dutch Data Protection Authority for violating the privacy of child users. The regulator argued that by not publishing its privacy policies in Dutch, the app failed to provide “an adequate explanation of how the app collects, processes and uses personal data” for younger users who do not speak English.
The platform has also been under investigation by the UK Information Commissioner’s Office since 2019 over its handling of children’s data. TikTok said it would work with the investigation.