TikTok will face a fine over its handling of children’s data in the EU following a decision made Friday by the European Data Protection Board (EDPB).
The EDPB decision means that the Irish Data Protection Commission will be able to issue a financial penalty within a month. Other EU data protection authorities had previously raised objections to the case.
The Irish regulator is the EU’s lead data protection authority in proceedings against TikTok, as the company’s legal EU headquarters is based in Dublin.
The decision is part of an investigation launched in 2021 into whether TikTok had violated the EU’s data protection rules, known as GDPR, by failing to ensure its age verification processes sufficiently protected the privacy of children between the age of 13 and 17.
TikTok’s level of transparency on how it processes children’s data is also being investigated.
The Chinese-owned social media platform is used by more than 150 million people in Europe. Its parent company ByteDance reported revenues of $80 billion (EUR72.6 billion) in 2022.
The size of the fine is yet unknown.
The decision came as TikTok announced new measures on Friday to ensure compliance with the EU’s landmark legislation to regulate Big Tech, the Digital Services Act (DSA). The Act places new requirements on platforms to better protect users online, for example by better policing content and providing more transparency on the use of personal data.
In July this year, European Commissioner Thierry Breton said in a statement that the Chinese-owned platform needs to do more to get ready for the DSA, after TikTok conducted a ‘stress test’ of the new rules.
In April this year, TikTok was fined ?12.7 million (EUR14.7 million) by the UK data watchdog for illegally processing children’s data, one of the biggest penalties of its kind.
The final decision on the penalty to be issued by the Irish Data Protection Commission is expected to be announced in September.