By John Ikani
TikTok may face a £27 million ($29 million) fine in the UK after privacy regulators found failings in the company’s handling of children’s data.
Provisional findings by UK’s Information Commissioner’s Office (ICO) revealed that the company breached child data protection laws for a two-year period.
The alleged law breach happened from May 2018 through July 2020, with the ICO noting that the company “may have” processed data of children under the age of 13 without parental consent.
Additionally it said TikTok failed to present information to its users in a way that’s easy to understand, and processed “special category data” — such as information on a person’s race or ethnicity — without legal grounds.
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” Information Commissioner John Edwards said in a statement Monday.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”
The ICO noted that its findings are “provisional” and that “no conclusion should be drawn at this stage that there has, in fact, been any breach of data protection law or that a financial penalty will ultimately be imposed.”
The ICO can issue a maximum fine amounting to 4% of TikTok’s annual global revenues under the EU’s GDPR, which is still enshrined in U.K. law.
TikTok now has 30 days to come up with a response to the decision. If company officials make a convincing enough case defending its handling of children’s data, the ICO may reduce the size of the penalty, or refrain from imposing a fine altogether.
The ByteDance-owned video social network has fallen under increasing scrutiny over its data privacy practices.
Sandwiched in between all that, a U.K. High Court judge recently greenlighted a class action-style lawsuit against TikTok over its handling of children’s data, after it was filed initially by a 12-year-old back in 2020.