Europe’s latest shot across the bows in the war to protect privacy is a €345m fine for TikTok over how it dealt with children’s accounts. It was imposed under the EU’s strict general data protection regulation (GDPR) privacy legislation.
Ireland’s Data Protection Commission (DPC), which oversees TikTok because its European headquarters are in Dublin, found that the app’s “public by default” settings meant anyone could see what a child posted, whether they were TikTok subscribers or not.
The DPC also criticised its “family pairing” feature, which allowed an adult’s account to be “paired” with a child’s — even if TikTok had not verified that the adult was the parent or guardian. It was also fined for not properly protecting under-13s who were placed on the default public setting.
“TikTok did not implement appropriate technical and organisational measures to ensure and to be able to demonstrate that the foregoing processing was performed in accordance with the GDPR,” the DPC found.
DPC commissioner Helen Dixon said: “Alone the fine of €345m is a headline sanction to impose but reflects the extent to which the DPC identified that child users were exposed to risk in particular arising from TikTok’s decision at the time to default child user accounts to public settings on registration.”
The “public-by-default setting of accounts meant that anyone — either on or off the TikTok platform — could view the social media content of child users”, she said. “Child users were not adequately informed of the scope and consequences of the processing of their personal data on the platform.”
This is the first EU fine for the platform but unlikely to be its last
That pretty much sums up most social platforms’ attitude to their users, whether they are children or adults. Facebook whistleblower Frances Haugen’s statement that it “prioritised growth over safety” is true of all social media companies.
TikTok has three months to remedy this.
This is the first EU fine for the platform and its Chinese owner, ByteDance, but unlikely to be its last. There is a second investigation of EU privacy law infringements and how EU citizens’ data was transferred to China.
Tech firms can be fined up to 4% of global turnover under GDPR regulations, so they are very aware of fixing such problems.
The EU also spearheaded the enactment of legislation aimed at reining in big tech’s monopolistic power and control.
The Digital Markets Act is to “ensure a level playing field for all digital companies, regardless of their size”, according to the European parliament, including rules that “stop them from imposing unfair conditions on businesses and consumers”.
The act will give people “more control over what they see online”, including “why specific content is recommended”, and the power to opt out of profiling. “Targeted advertising will be banned for minors and the use of sensitive data, such as sexual orientation, religion or ethnicity, won’t be allowed,” the EU says.
Thankfully, there are some grown-ups in the global room who are tackling social media and its surveillance capitalism with vigour. We need more of that, and definitely more of that in South Africa.
*Shapshak is editor-in-chief of Stuff.co.za and executive director of Scrolla.Africa
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.