Fine of 345 million euros for TikTok

TikTok is fined by the DPC for 3 violations of the General Data Protection Regulation (GDPR):

The videos posted by children on the platform defaulted to "public. This allowed anyone to see those videos, not just their friends.

'Family Pairing' was poorly set up. Others other than a child's parents or guardians could pair their account with the child's.

TikTok did not provide clear information to children about their account settings. As a result, children did not know, for example, the consequences of the default "public" setting for videos.

Dutch research on TikTok

The AP launched an investigation into TikTok in May 2020. The AP did this mainly because the platform is very popular with a vulnerable group: children. In 2021, based on this investigation, the AP was only able to impose a fine on TikTok because the company offered the privacy notice in English to Dutch children.

Dutch request to the DPC

However, the AP's fact-finding at the time revealed more privacy problems, similar to what the Irish investigation now reveals. The AP then formally asked the DPC to investigate in response to these AP findings. And to proceed to sanction, should the DPC find after investigation that TikTok violated the AVG. Partly based on this official request, the DPC launched its own investigation, resulting in the €345 million fine.

The reason for the AP's request was that TikTok established itself with a European headquarters in Ireland in July 2020. This left the AP without authority to make a decision for much of the investigation findings.

Supervisory cooperation

"This case shows how the privacy regulators in Europe are together making a fist against big tech companies that violate privacy," said AP Chairman Aleid Wolfsen. "Even when those companies open headquarters in another European country during an investigation."