Britain’s privacy watchdog hit TikTok with a multimillion-dollar penalty Tuesday for misusing children’s data and violating other protections for users’ personal information. The Information Commissioner’s Office said it issued a fine of 12.7 million pounds ($15.9 million) to the short-video sharing app, which is wildly popular with young people.
It’s the latest example of tighter scrutiny that TikTok and its parent, Chinese technology company ByteDance, are facing in the West, where governments are increasingly concerned about risks that the app poses to data privacy and cybersecurity.
The British watchdog, which was investigating data breaches between May 2018 and July 2020, said TikTok allowed as many as 1.4 million children in the U.K. under 13 to use the app in 2020, despite the platform’s own rules prohibiting children that young from setting up accounts.
TikTok didn’t adequately identify and remove children under 13 from the platform, the watchdog said. And even though it knew younger children were using the app, TikTok failed to get consent from their parents to process their data, as required by Britain’s data protection laws, the agency said.
“There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws,” Information Commissioner John Edwards said in a press release.
TikTok collected and used personal data of children who were inappropriately given access to the app, he said.
“That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll,” Edwards said.
The company said it disagreed with the watchdog’s decision.
“We invest heavily to help keep under 13s off the platform and our 40,000-strong safety team works around the clock to help keep the platform safe for our community,” TikTok said in a statement. “We will continue to review the decision and are considering next steps.”
TIkTok says it has improved its sign-up system since the breaches happened by no longer allowing users to simply declare they are old enough and looking for other signs that an account is used by someone under 13.
The penalty also covered other breaches of U.K. data privacy law.
The watchdog said TikTok failed to properly inform people about how their data is collected, used and shared in an easily understandable way. Without this information, it’s unlikely that young users would be able “to make informed choices” about whether and how to use TikTok, it said.
TikTok also failed to ensure personal data of British users was processed lawfully, fairly and transparently, the regulator said.
TikTok initially faced a 27 million-pound fine, which was reduced after the company persuaded regulators to drop other charges.
U.S. regulators in 2019 fined TikTok, previously known as Music.aly, $5.7 million in a case that involved similar allegations of unlawful collection of children’s personal information.
Also Tuesday, Australia became the latest country to ban TikTok from its government devices, with authorities from the European Union to the United States concerned that the app could share data with the Chinese government or push pro-Beijing narratives. U.S. lawmakers are also considering forcing a sale or even banning it outright as tensions with China grow.
Sign up for our weekly newsletter to get more English-language news coverage from EL PAÍS USA Edition