LONDON — The U.K.’s data regulator has fined TikTok £12.7m for several breaches, including misusing children’s data.
TikTok users are meant to be over the age of 13, but the Information Commissioner’s Office (ICO) estimated that 1.4 million children in the U.K. were on TikTok in 2020, breaching its terms of service.
That meant that the social network was using children’s personal data without parental consent and it “did not do enough” to check who was on the platform, the ICO said.
Information Commissioner John Edwards said: “Their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.”
A TikTok spokesperson said the company is reviewing the decision and considering its next steps.
Under data protection law, any organization must have parent or carer consent to use data of children under 13.
“TikTok failed to do that, even though it ought to have been aware that under 13s were using its platform”, the ICO said in a statement on Tuesday. “In the ICO’s view TikTok did not respond adequately.”
That was despite concerns being raised internally with senior staff about children using the platform.
Edwards added: “TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had.”
It is one of the largest fines the regulator has issued. However, it is still half of what the ICO originally threatened last September.
The ICO said the penalty was reduced after it removed one of its provisional findings that TikTok had unlawfully used “special category data.”
The TikTok spokesperson added: “While we disagree with the ICO’s decision, which relates to May 2018 – July 2020, we are pleased that the fine announced today has been reduced to under half the amount proposed last year.”