TikTok Fined £12.7m For Breaching Child Protection Law

Uploaded on 2023-04-04 in GOVERNMENT-National, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Law

TikTok has received a £12.7m fine from the British data protection regulator, the Information Commissioner's Office (ICO) for failing to protect the privacy of over 1m children. This is because it “failed to use children’s personal data lawfully” and “did not do enough” to prevent underage children using its platform the ICO said. 

The video-sharing site used the data of children aged under 13 without parental consent, according to an ICO investigation. The fine is one of the largest the ICO has ever issued.

The Chinese-owned video app had not done enough to check who was using the platform and remove underage children, the Information Commissioner’s Office (ICO) said on 4th April. It estimated TikTok allowed up to 1.4 million UK children of this age to use the platform in 2020. TikTok said it had "invested heavily" to stop under 13s accessing the site. 

UK data protection law does not have a strict ban on children using the Internet but requires organisations that use the personal data of children to obtain consent from their parents or carers.

Despite TikTok's rules requiring children under 13 to have parental consent to use the platform, the ICO said many were able to set up accounts without this. It said that children's data may have been used to track and profile them, and potentially present them with harmful or inappropriate content.

The Information Commissioner John Edwards said in a Statement: "There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws. As a consequence, an estimated one million under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data... TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had."  

TikTok is allowed to appeal against the scale of the fine and has 28 days to make representations. If successful, the ICO could reduce the final amount. The regulator has a maximum of 16 weeks, from issuing the notice of a proposed fine to delivering its final verdict.

“Since the conclusion of the ICO’s investigation of TikTok, the regulator has published the Children’s code to help protect children in the digital world. It is a statutory code of practice aimed at online services, such as apps, gaming platforms and web and social media sites, that are likely to be accessed by children,” says the ICO.

In 2019, TikTok was fined $5.7m by the US Federal Trade Commission for similar practices. That fine, a record at the time, was also levied against TikTok for improper data collection from children under 13.

The company subsequently committed to improving its practices and said it would begin keeping younger users in “age-appropriate TikTok environments”, where those under 13 would be pushed into a more passive role, able to watch videos, but not post or comment on the platform.

ICO:      BBC:     Guardian:     Independent:     Mirror:      ITV:    Yahoo:  

You Might Also Read: 

British School Childrens' Confidential Data Dumped:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« AI Revolution: The Future Is Here, Now
President Biden Forbids Spyware From Government Use »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

Igloo Security

Igloo Security

Igloo Security is a leader and pioneer in SIEM (Security Information & Event Management), PSIM (Physical Security Information Management) and MSS (Managed Security Services).

ISMS Accreditation Center (ISMS-AC)

ISMS Accreditation Center (ISMS-AC)

ISMS-AC is the national accreditation body for Japan. The directory of members provides details of organisations offering certification services for ISO 27001.

SITA

SITA

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry including vulnerability assessments and managed security services.

SecondWrite

SecondWrite

SecondWrite’s next-generation malware detection engine delivers a combination of automatic deep code inspection and accurate scoring of zero-day malware.

White Hawk Software

White Hawk Software

White Hawk provides code tamper-proofing solutions to protect mission critical software applications from malicious and Zero day attacks and reverse engineering at run time.

Silent Sector

Silent Sector

Silent Sector is a cybersecurity services company that specializes in providing a wide range of managed security services.

Cyber Command - Romania

Cyber Command - Romania

Cyber Command represents the military authority responsible for the development, protection and resilience of military IT networks and services that support the Romanian Force Structure.

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

Coviant Software

Coviant Software

Coviant Software delivers secure managed file transfer (MFT) software that integrates smoothly and easily with business processes.

Zigrin Security

Zigrin Security

Zigrin Security offer comprehensive, hands-on security testing of internal networks, applications, cloud-based solutions, e-commerce applications and mobile devices.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

Sirar by STC

Sirar by STC

Sirar is an advanced technology and cybersecurity company established by STC, the MENA region’s ICT and digital services provider.