TikTok faces two investigations by the Irish Data Protection Commission over its user data collection practices. The social media platform has faced intense scrutiny over how it treats children’s data.
The first investigation will check whether the platform complies with the EU’s rules when processing children’s data. The second will look into concerns surrounding the sharing of some user data with engineers in China.
TikTok’s Data Processing Under Review
On Tuesday, September 14, the Irish Data Protection Commission said that it started investigating ByteDance Ltd’s TikTok with regards to how it handles user data. It opened two “own volition” investigations and expressed its concerns over the platform’s data practices.
The first investigation will examine how TikTok processes children’s data, and whether this complies with the EU’s General Data Protection Regulation (GDPR).
The second will aim to address concerns over the platform’s data-sharing practices. Helen Dixon, the Irish Data Protection Commissioner, in particular, has stated that some EU user data could be accessed by maintenance and AI engineers in China.
In response, TikTok put out a statement, saying “the privacy and safety of the TikTok community, particularly our youngest users, is our highest priority.” Furthermore, TikTok highlighted the policies and controls it has implemented to safeguard user data. It also relies on approved methods, such as standard contract clauses, to transfer data outside of Europe. The company said that it would fully cooperate with the Irish Data Protection Authority.
TikTok recently announced a spate of privacy controls for teenagers, which include cut-off times for younger users. The privacy protections came after growing involvement and regulatory pressure from the US. TikTok has faced immense public scrutiny for being one of the most addictive apps on the market.
Aggressive Enforcement by Data Privacy Watchdogs
Recently, the EU’s Data Regulators have taken an aggressive position against tech giants who fail to comply with the GDPR. In the past, the Irish Data Protection Commission was criticized for taking too long in its investigations and handing out weak penalties.
However, earlier this month, the Commission fined WhatsApp 225 million Euros for violating the GDPR’s transparency requirements. This marked the second largest fine ever levied under the GDPR, and represented 0.8% of Facebook’s (WhatsApp’s parent company) profits.
In June 2021, Luxembourg’s data protection commission hit tech giant Amazon with a fine of $887 million. This is the largest fine ever levied under the GDPR.
Depending on the outcome of the Irish DPC’s investigation, TikTok could be the latest major tech platform to join this list.