Ireland’s DPC to probe TikTok over handling of user data

15 Sep 2021

Image: © nikkimeel/Stock.adobe.com

The Data Protection Commission is the lead EU data regulator for the Chinese-owned social network.

TikTok is facing two inquiries from Ireland’s data watchdog regarding the processing of children’s data and the transfer of data to China.

The Data Protection Commission (DPC) announced yesterday (14 September) that it has commenced two inquiries into the social media platform’s compliance with GDPR.

The first will investigate the processing of personal data for users under the age of 18 and age verification measures for users under 13. It will also examine whether TikTok has complied with GDPR transparency obligations for processing the personal data of children.

TikTok has been introducing more privacy and security features for young users and enforcing age restrictions on its platform. But several groups have raised concerns over how the company handles the data of children, who make up a large proportion of its user base.

The Dutch privacy authority recently fined TikTok for failing to offer its privacy statement in Dutch, saying that this would prevent many children from understanding how the app collects, processes and uses personal data.

Earlier this year, the Italian data protection authority also ordered TikTok to stop collecting and using children’s data, while European consumer rights group BEUC levelled a series of complaints against the platform over how it protects child user data.

The second DPC inquiry will focus on the transfer of personal data to China by TikTok, which is owned by Chinese tech company ByteDance. It will look at TikTok’s compliance with GDPR requirements when it comes to transferring data to third countries.

This is something that has been on the DPC’s radar. Earlier this year, Data Protection Commissioner Helen Dixon said some of TikTok’s EU data may be accessible to teams in China.

She said at an event in March that there had been “intensive engagement” between the DPC and the Chinese-owned company, and there was “a whole lot more” that needed to be understood about the data processing.

The DPC is the lead supervisory authority for TikTok in the EU as the social media company has a growing base in Ireland. Last summer, TikTok announced that its Dublin office would be responsible for the privacy oversight of its European users.

The company has also been expanding its Irish team over the past year and plans to open its first European data centre in Ireland.

Sarah Harford was sub-editor of Silicon Republic

editorial@siliconrepublic.com