Launched almost exactly two years ago, the DPC probe focused on how TikTok processed the data of children using the social media platform.
The Irish Data Protection Commission (DPC) has slammed TikTok with a €345m fine after an investigation found that the social media giant did not comply with GDPR rules relating to the processing of children’s data.
In a statement shared today (15 September), the Irish DPC said that it adopted the final decision regarding its inquiry into TikTok on 1 September.
The probe was launched two years ago, when the DPC said it would investigate the processing of personal data for users under the age of 18 and age verification measures for users under 13.
It said it would examine whether TikTok had complied with GDPR transparency obligations for processing the personal data of children during the period between 31 July and 31 December 2020.
Now, the DPC has found the Chinese-owned app had infringed on GDPR through its public-by-default settings, the Family Pairing feature, the lax age-verification process and the use of dark patterns to nudge users towards more privacy-intrusive options during sign-up.
Other than the lump sum fine, the Irish DPC also formally reprimanded TikTok and issued an order requiring TikTok to bring its processing into compliance within a period of three months.
“While there was broad consensus on the DPC’s proposed findings, objections to the draft decision were raised by the supervisory authorities of Italy and Berlin,” the DPC said in a statement.
The European Data Protection Board adopted its binding decision on the subject matter of the objections on 2 August with a direction that the DPC “must amend its draft decision to include a new finding of infringement” relating to the GDPR principle of fairness.
TikTok has faced increasing global regulatory scrutiny in recent years. The app has been banned or discouraged on government devices on both sides of the Atlantic, including in Ireland earlier this summer.
In response to some of the data protection and transfer concerns raised in the EU, TikTok announced Project Clover earlier this year to align its data security practices with the wishes of the bloc.
As part of this project, TikTok promised to build three new data centres in Europe that would house the data of its European customers.
Last week, the tech giant revealed that its first planned data centre is now operational in Dublin and that migration of European user data to the centre has begun.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.