European regulators are set to decide in the coming months whether video platform TikTok mishandled children’s data, violating the European Union’s landmark privacy rules, the General Data Protection Regulation.
The Irish Data Protection Commission told POLITICO it had failed to resolve objections raised by other European data protection authorities on the case.
Dublin triggered a dispute resolution mechanism set out in the GDPR and sent the case to the European Data Protection Board (EDPB), according to a spokesperson for the authority. The EDPB will have up to two months to issue a binding decision on the case, starting from when it deems to have all the documents.
The probe, which started in 2021, examines whether TikTok infringed the GDPR by failing to keep children under 13 off the platform because its age-verification measures may have been insufficient. The investigation also checks if TikTok was transparent enough in how it processed minors’ data and ensured its platforms settings went far enough to protect children’s privacy.
Ireland became responsible for overseeing TikTok in Europe in 2020 after the platform set up its legal EU headquarters in Dublin. The popular app is also being investigated by the Irish watchdog for the potentially unlawful transfer of European personal data to China.
TikTok, whose parent company ByteDance is based in China, has faced mounting scrutiny over security fears around the way it handles its users’ data. Internal Market Commissioner Thierry Breton said Friday on French television he told the company’s CEO Shou Zi Chew that TikTok has “still a lot of room for improvement” including guaranteeing safe use of children’s data.
