TikTok has been subject to a privacy inquiry into two issues by the Irish Data Protection Commission (DPC) in the EU.
The agency is investigating children’s processing of their personal data and whether TikTok complies with EU laws regarding the transfer of personal data to other countries, such as China.
TikTok said privacy is “our highest priority”. The Irish DPC said it is looking specifically at GDPR-related issues. These are EU privacy laws that can result in huge fines, potentially up to 4% of a company’s global turnover. He said the initial investigation will examine “the processing of personal data for users under the age of 18 and age verification measures for those under the age of 13.” It will also examine how transparent TikTok is about how it processes such data. This is not the first time the Irish DPC has investigated such issues. In October 2020, it announced that it was investigating Instagram’s processing of children’s personal data.
Tiktok also faced a similar collective legal action in the UK, led by a former children’s commissioner. The second investigation, announced this week, is a unique TikTok issue. DPC said it’s around “transferring personal data to China by TikTok.” TikTok is owned by Chinese company ByteDance and has faced repeated accusations that it shared something with Chinese companies – even the Chinese Government – something the firm vehemently denies.
During Donald Trump’s presidency, it was nearly banned in the US – since then that order has been dropped. DPC’s investigation is more closely concerned with whether TikTok complies with EU rules on data transfer to so-called “third countries”, which the EU has not given a seal of approval over privacy laws. TikTok has made a number of changes to its systems to fend off both allegations. In January, as part of its bid to improve child safety on the platform, it made all accounts under the age of 16 private by default. He followed up in July by deleting millions of accounts he said belonged to minors under the age of 13, who should never be allowed on the platform. And in August, it announced that it would no longer send push notifications to children’s accounts at certain times of the day, saying it was designed to help children study, relax and sleep. TikTok said in a statement: “We have implemented comprehensive policies and controls to protect user data and relied on approved methods for data transferred from Europe, such as standard contract clauses. We plan to cooperate fully with DPC.”
The Irish Commission plays a leading role in regulating many of the world’s largest tech firms, as companies like TikTok, Facebook and Google all have their European headquarters in Ireland. However, it has been accused by some of having a lax approach to implementation.
For example, it recently handed WhatsApp the second largest GDPR penalty on record at €225 million.
It initially proposed a much smaller fine of between 30m and 50m euros, but faced objections from data watchers from several other EU countries. The dispute eventually got in front of an official EU board, which told the Irish DPC to change its finding and impose a higher fine.
Max Schrems, a prominent privacy advocate and established critic of the Irish regulator, said at the time that the incident “showed how the DPC was still highly dysfunctional”.
Source: BBC News