Information Commissioner's Office
ICO could impose multi-million pound fine on TikTok for failing to protect children’s privacy
TikTok could face a £27 million fine after an ICO investigation found that the company may have breached UK data protection law, failing to protect children’s privacy when using the TikTok platform.
The ICO has issued TikTok Inc and TikTok Information Technologies UK Limited (‘TikTok’) with a ‘notice of intent’ - a legal document that precedes a potential fine.
The notice sets out the ICO’s provisional view that TikTok breached UK data protection law between May 2018 and July 2020.
The ICO investigation found the company may have:
- processed the data of children under the age of 13 without appropriate parental consent,
- failed to provide proper information to its users in a concise, transparent and easily understood way, and
- processed special category data, without legal grounds to do so.
The Commissioner’s findings in the notice are provisional. No conclusion should be drawn at this stage that there has, in fact, been any breach of data protection law or that a financial penalty will ultimately be imposed. We will carefully consider any representations from TikTok before taking a final decision.
Information Commissioner, John Edwards said:
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections. Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.
“I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary. In addition to this, we are currently looking into how over 50 different online services are conforming with the Children’s code and have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough.”
Notes to editors:
- Special category data includes: ethnic and racial origin, political opinions, religious beliefs, sexual orientation, trade union membership, genetic and biometric data or health data.
- Companies who breach the UK GDPR and/or the Data Protection Act can be fined up to £17.5 million or 4% of the company’s annual global turnover, whichever is higher. For further information on penalties, please visit: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-le-processing/penalties.
- For further information on the Children’s code, please visit our website: https://ico.org.uk/childrenscode.
- To report a concern to the ICO, go to ico.org.uk/concerns.