TikTok, a Chinese short video platform, is quite popular among young users, which has led to a slew of privacy-related issues. 

The UK’s Information Commissioner’s Office (ICO) found the video-sharing platform may have processed the data of under-13s without appropriate consent. This breach of privacy is said to have happened over more than two years, between May 2018 and July 2020. 

The UK government’s finding has resulted in the platform potentially receiving a fine of £27 million. 

In a legal document notifying TikTok of the possible fine, The Information Commissioner’s Office also said that TikTok may have processed sensitive categories of data “without legal grounds” and may have failed to provide information to its users transparently enough. 

“We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” said Information Commissioner John Edwards. He further added that “Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.” 

In response, TikTok disputes the findings, stating they are “provisional.” In a statement, TikTok said: “While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intent to formally respond to the ICO in due course.” 

While today’s announcement is not final, it indicates that the UK’s investigations have unearthed enough to warrant a potentially hefty fine. This also shows the UK’s commitment to the safeguarding of children’s privacy rights in addition to the Children’s Code which has tolled in September last year. The Children’s Code put in place new data protection codes of practice for online services likely to be accessed by children, built on existing protection laws, with financial penalties a possibility for serious breaches. 

This sentiment is also echoed in the US, where the US Senate Committee voted to approve a measure that would raise the age that children were given special online privacy protections to 16 and prohibit targeted advertising to children without consent. 

This is not the first time the platform has been sanctioned due to its mishandling of children’s data. In 2019, the firm was given a record $5.7 million fine by the Federal Trade Commission for mishandling children’s data. They have also been fined in South Korea for similar reasons.