🔒 Key Privacy Update: TikTok Instructed to Address Child Privacy Concerns

In a significant development, the European Data Protection Board (EDPB) has issued a directive to TikTok, mandating changes in the platform’s handling of personal data for users aged 13 to 17. The EDPB found that TikTok’s design practices were not aligned with GDPR fairness principles during the period from July 31 to December 31, 2020.

Anu Talus, EDPB Chair, emphasized the critical role of social media platforms in ensuring fairness, particularly for young users. The EDPB’s binding decision identified concerns with two pop-up notifications that guided choices for young users . 📢 The Registration Pop-Up subtly encouraged children to select public account settings, potentially compromising their privacy.

📷 The Video Posting Pop-Up exhibited a design bias in favor of posting content publicly over privately.

Consequently, the EDPB determined that these practices were in violation of GDPR fairness principles. TikTok has been directed to rectify these design practices.

📲 The EDPB also expressed reservations about TikTok’s age verification measures, highlighting potential circumvention and inadequate enforcement.

While the EDPB could not provide a definitive assessment of TikTok’s compliance during the specified period, it underscored the importance of enhanced transparency and data protection by design.

The Irish Data Protection Authority (IE DPA), acting as the lead supervisory authority, has incorporated the EDPB’s findings into its final decision. This decision includes a substantial fine of €345 Million.

For comprehensive details, please refer to the IE DPA’s final decision.