TikTok Fined £12.7m For Breaching Child Protection Law

TikTok has received a £12.7m fine from the British data protection regulator, the Information Commissioner's Office (ICO) for failing to protect the privacy of over 1m children. This is because it “failed to use children’s personal data lawfully” and “did not do enough” to prevent underage children using its platform the ICO said. 

The video-sharing site used the data of children aged under 13 without parental consent, according to an ICO investigation. The fine is one of the largest the ICO has ever issued.

The Chinese-owned video app had not done enough to check who was using the platform and remove underage children, the Information Commissioner’s Office (ICO) said on 4th April. It estimated TikTok allowed up to 1.4 million UK children of this age to use the platform in 2020. TikTok said it had "invested heavily" to stop under 13s accessing the site. 

UK data protection law does not have a strict ban on children using the Internet but requires organisations that use the personal data of children to obtain consent from their parents or carers.

Despite TikTok's rules requiring children under 13 to have parental consent to use the platform, the ICO said many were able to set up accounts without this. It said that children's data may have been used to track and profile them, and potentially present them with harmful or inappropriate content.

The Information Commissioner John Edwards said in a Statement: "There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws. As a consequence, an estimated one million under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data... TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had."  

TikTok is allowed to appeal against the scale of the fine and has 28 days to make representations. If successful, the ICO could reduce the final amount. The regulator has a maximum of 16 weeks, from issuing the notice of a proposed fine to delivering its final verdict.

“Since the conclusion of the ICO’s investigation of TikTok, the regulator has published the Children’s code to help protect children in the digital world. It is a statutory code of practice aimed at online services, such as apps, gaming platforms and web and social media sites, that are likely to be accessed by children,” says the ICO.

In 2019, TikTok was fined $5.7m by the US Federal Trade Commission for similar practices. That fine, a record at the time, was also levied against TikTok for improper data collection from children under 13.

The company subsequently committed to improving its practices and said it would begin keeping younger users in “age-appropriate TikTok environments”, where those under 13 would be pushed into a more passive role, able to watch videos, but not post or comment on the platform.

ICO:      BBC:     Guardian:     Independent:     Mirror:      ITV:    Yahoo:  

You Might Also Read: 

British School Childrens' Confidential Data Dumped:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« AI Revolution: The Future Is Here, Now
President Biden Forbids Spyware From Government Use »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

WEBINAR: How To Build And Implement An Effective Endpoint Detection And Response Strategy

Join this webinar to learn how the cloud threat landscape is evolving and organizations are deploying more advanced and capable security controls at scale.

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Praetorian

Praetorian

Praetorian services include security assessments, penetration testing, code reviews, regulatory compliance solutions, and incident response.

Deductive Labs

Deductive Labs

Deductive Labs consulting services help customers with their technology, security and automation challenges.

Pentest People

Pentest People

Pentest People are a UK-based security consultancy focussing on bringing the benefits of Pentesting as a Service (PTaaS) to all its clients.

SpectX

SpectX

SpectX is software for parsing and analysing raw logs and any other unstructured data for applications such as Infosec incident investigation and forensics.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain

SparkLabs Cyber + Blockchain accelerator is located in Washington D.C. which is one of the world's top cybersecurity ecosystems.

Accel

Accel

Accel is a leading venture capital firm that invests in people and their companies from the earliest days through all phases of private company growth. Areas of focus include cybersecurity.

Tetra Tech

Tetra Tech

Tetra Tech is a cybersecurity leader with extensive experience in supporting enterprise-wide programs and systems across multiple business lines from industrial control systems to health IT.

Octiga

Octiga

Octiga is an office 365 cloud security provider. It offers Office 365 monitoring, incident response and recovery tools.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Diligent

Diligent

Diligent's SaaS GRC platform gives leaders a connected view of governance, risk, compliance and ESG across their organization.

Apex Systems

Apex Systems

Apex Systems is a world-class technology services business that incorporates industry insights and experience to deliver solutions that fulfill our clients’ digital visions.

ATSG

ATSG

ATSG is a global leader in transformational technology solutions for today’s digital enterprise. Cybersecurity ranging from Advisory & Assessment to Fully Managed Detection and Response Services.

Unified National Networks (UNN)

Unified National Networks (UNN)

UNN’s mission is to unify the national networks and create a modern and cost efficient digital platform connecting the entire country.