Ireland's Data Protection Commission (DPC) today announced its decision to fine TikTok €345 million for failing to comply with the GDPR when processing the personal data of child users of the platform.
The investigation, which focused on the period between July 31 and December 31, 2020, examined TikTok's obligations under the GDPR.
The EU-wide European Data Protection Board's final decision was passed on August 2, 2023, and further findings were to be included in the DPC's draft decision that would lead to not only a fine, but also a reprimand for TikTok ordering the company to comply within 3 months from the notification of the decision.
A chart showing the full summary of the findings is shown above, as provided by the DPC, with a breakdown of exactly what was found with TikTok's breaches of GDPR requirements.
The graphic mainly focuses on how the age verification feature was not sufficient to prevent users from accessing the platform by entering false information to bypass verification, but also on failures with the “Family Pairing” feature that gives parents options to disable certain functions to protect instant messages.