Listen
to
this
post
On
April
4,
2023,
the
data
protection
regulator
of
the
UK,
the
Information
Commissioner’s
Office
(ICO),
issued
a
fine
of
a
£12.7
million
to
TikTok
Information
Technologies
UK
Limited
and
TikTok
Inc
(together,
“TikTok”)
for
a
number
of
breaches
of
UK
data
protection
law,
including
failing
to
use
children’s
personal
data
lawfully.
In
summary,
the
ICO
found
that
TikTok
breached
the
UK
GDPR
between
May
2018
and
July
2020
by:
-
providing
its
services
(i.e.,
an
information
society
service)
to
UK
children
under
the
age
of
13
and
processing
their
personal
data
without
consent
or
authorization
from
their
parents
or
carers; -
failing
to
inform
users
of
the
platform
about
how
their
data
is
collected,
used
and
shared
in
a
way
that
is
easy
to
understand,
meaning
users
of
the
platform,
in
particular
children,
were
unlikely
able
to
make
informed
choices
about
whether
and
how
to
engage
with
it;
and -
failing
to
ensure
that
the
personal
data
of
its
users
was
processed
lawfully,
fairly
and
in
a
transparent
manner.
The
UK
Information
Commissioner,
John
Edwards,
stated
that
“TikTok
should
have
known
better.
TikTok
should
have
done
better.
Our
£12.7m
fine
reflects
the
serious
impact
their
failures
may
have
had.
They
did
not
do
enough
to
check
who
was
using
their
platform
or
take
sufficient
action
to
remove
the
underage
children
that
were
using
their
platform.”
This
fine
follows
the
initial
notice
of
intent
which
was
issued
to
TikTok
in
September
2022
for
a
fine
of
£27
million.
The
fine
was
reduced
following
representations
from
TikTok
to
the
ICO
which
resulted
in
the
ICO
not
pursuing
the
earlier
finding
related
to
unlawful
use
of
special
category
data.