Data protection is of central importance in today's digital world. Platforms aimed at a younger audience bear a particularly heavy responsibility. On 20.09.2023, the Irish Data Protection Commission issued a fine of 345 million euros against the social media giant TikTok on behalf of the EU. The accusation: breaches of European data protection law, particularly in the handling of minors' data.
Background to the decision
The investigation by the Data Protection Commission has revealed that TikTok violated European data protection law when handling user data of minors. As a result, a fine of 345 million euros was imposed on the video service.
Points of criticism from the Data Protection Commission
The main point of criticism from data protection experts is the fact that the profiles of minors and their uploaded videos were fully accessible to the public in the service's default settings. This approach is not compatible with the provisions of the European General Data Protection Regulation (GDPR), which stipulates special protection for minors' data.
Another problematic aspect is the so-called "family connection" setting. This makes it possible to link the TikTok account of a minor with that of an adult. However, there is no sufficient verification that the linked account actually belongs to a parent or guardian.
Reaction from TikTok
TikTok has criticized the fine and in particular its amount. A spokesperson for the company emphasized that significant changes have been made to the functions and settings in question since 2020. It was also pointed out that 17 million accounts were deleted this year alone, as they were presumably created by children under the age of 13.
Past violations
This is not the first incident in which TikTok has attracted negative attention in terms of data protection. In the past, the company has already been fined in various countries, including the UK, the Netherlands and the USA.
Efforts to improve data protection
Despite the current criticism, TikTok is emphasizing its efforts to strengthen data protection in Europe. For example, it recently launched "Project Clover" with the aim of storing European user data exclusively in the EU. Data centers in Dublin and Norway are already being planned for this purpose.
In summary, it can be said that data - especially that of minors - must always be handled with the utmost care and in compliance with the applicable laws. The TikTok case underlines the importance of data protection measures. It remains to be seen how TikTok will react to this situation and whether other companies will follow suit by rethinking and improving their data protection practices.
