TikTok has been fined $369 million by the Irish Data Protection Commission (DPC) for a breach of European law in its handling of children’s data.

The ruling is the result of a two-year investigation that examined TikTok’s age verification protocols and, alongside the fine, calls for the data processing protocols to be rectified within three months. 

The video-sharing platform was found to have violated eight articles of the EU's General Data Protection Regulation, relating to breaches in the fairness and transparency of data processing and communications, the app’s ability to securely prevent users under 13 from signing up and its ability to protect young users from potential risks.

Among the issues identified, the investigation found children signed up to the app had their profiles automatically set to public, meaning comments and videos could be seen and accessed by anyone and thereby opening young users up to potential vulnerabilities.

A child’s account was also able to access the “family pairing” feature – linking an adult account to the child’s – without any verification that the adult user is related to the child. This meant young users could have their content monitored by the adult user and could also be directly contacted by older users. 

Related:Duolingo Cites Data Scrape for Exposing Nearly 3M Email Addresses

In a response posted to its website, TikTok’s head of privacy Elaine Fox said the company “respectfully disagrees” with the findings of the investigation, saying it references protocols no longer in place. 

“The DPC's investigation focused on the period between July and December 2020 only,” Fox said. “The DPC did not find that TikTok's age assurance measures violated the GDPR, and most of the decision's criticisms are no longer relevant as a result of measures we introduced at the start of 2021.” 

Indeed, during the first three months of 2023, TikTok removed nearly 17 million suspected underage accounts globally.

“Age assurance is an industry-wide challenge,” Fox said. “We will continue to engage with regulators and other experts to identify new solutions that further enhance our efforts to keep underage users off the platform.”