Everyone’s favorite app is definitely not in the good graces of the European Union. Irish regulators just hit the massive video-sharing platform with a $367 million fine for mishandling child users’ data and gave the app three months to fix it.
TechCrunch reports that the EU found TikTok in violation of the Union’s General Data Protection Regulation (GDPR) based on how it handles the data from accounts belonging to minors. The fine of €345 million, which is approximately $367 million at the time of writing, was issued to TikTok by the Irish Data Protection Commission. The regulators found TikTok guilty of violating two of the GDPR’s articles, including breaches of lawfulness, fairness, and transparency of data processing and the rights of the subject to receive communication of data handling.
“We respectfully disagree with the decision, particularly the level of the fine imposed,” a TikTok spokesperson told the outlet. “The DPC’s criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default.”
While the Irish Data Protection Commission found no issue with the way TikTok verified user ages, it did take issue with the platform’s default settings. The Commission argues that TikTok’s default settings allow anyone to view content posted by all users, whether they’re under the age of 13 or not. TikTok’s settings also enabled children’s profiles to be set to default automatically, according to TechCrunch.
This is not the first time that TikTok has been slammed with a fine, especially in terms of how it handled kids’ data. In 2019, TikTok paid $1.1 million after a lawsuit filed by parents in the United States District Court for the Northern District of Illinois alleged that the app’s predecessor Musical.ly collected and sold identifying data to advertisers. Privacy regulators in the UK also threatened to fine TikTok in 2022 for processing account data for kids under 13.