TikTok could be fined £27m by the UK's data watchdog for failing to protect children’s privacy on the video-based social media platform.
ICO has issued TikTok Inc and TikTok Information Technologies UK Limited (TikTok) with a “notice of intent”.
This legal document, which precedes a potential fine, sets out ICO’s provisional view that TikTok breached UK data protection law between May 2018 and July 2020.
ICO’s investigation found that TikTok may have:
- Processed the data of children under the age of 13 without appropriate parental consent
- Failed to provide proper information to its users in a concise, transparent and easily understood way
- Processed special category data, without legal grounds to do so.
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections," said Information Commissioner John Edwards.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.
“I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary.”
He added: “In addition to this, we are currently looking into how over 50 different online services are conforming with the Children’s code and have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough.”
The commissioner’s noted that the findings are "provisional" and that the ICO will consider any representations from TikTok before taking a final decision.
A TikTok spokesperson told Cosmetics Business: “This notice of intent, covering the period May 2018 to July 2020, is provisional and, as the ICO itself has stated, no final conclusions can be drawn at this time.
“While we respect the ICO's role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course."
Last month, beauty goliath Sephora was fined $1.2m over an alleged consumer privacy breach in California, where it was claimed customers were not informed that the retailer was selling their data.