Data protection - The European Union sentenced Tik-Tok for non-compliance with RGPD
Par Roukayatou Moumouni Amadou
Posté le: 24/09/2023 7:34
Social networks are constantly being called into question because of the harmful effects they are likely to have on young users. According to a global study by Oustodio in 2022, minors would spend an average of 107 minutes a day on TikTok. Generally, these platforms are forbidden to young people under the age of 13, failing which their access is controlled or subject to parental authorization. However, they manage to circumvent this ban and sign up to these social networks on a massive scale.
The growing use of these networks sometimes results in a breach of the general rules on personal data protection by data controllers. Therefore these platforms are regularly sanctioned for non-compliance with the RGPD. This is the case, for example, with Meta, which was fined 1.5 billion euros on May 22, 2023 for breaching European data protection rules with its Facebook social network. In this case, it had continued to transfer users's personal data from the European Economic Area (EEA) to the United States in violation of European data protection rules. The Tik-Tok platform was also implicated on several occasions.
Tik-Tok is a Chinese social application for creating and sharing photo and video content. It has experienced rapid growth among young people worldwide. The platform has been condemned on several occasions for mishandling young users's data. Indeed, it has been fined several times: in 2019, it was sentenced to $5.7 million in the USA; in 2021 750,000 euros in the Netherlands and in 2023, 12.7 million pounds in the UK. In addition, in January 2023 it was fined 5 million euros by the French Data Protection Authority (CNIL), for failing to allow users of its website to simply refuse cookies. In fact, it offered a button for immediate acceptance of cookies, without providing an equivalent solution (button or other) to enable Internet users to refuse them.
Moreover, mistrust of this application has prompted several states, such as the USA and Canada, to prohibit its use on mobile devices supplied to government personnel. The same is true of the European Commission and Parliament, which have banned the use of the application on professional devices due to the risk of spying and massive data collection.
More recently, it was fined 345 million euros by the Irish Data Protection Commission (DPC) on behalf of the European Union, for violations relating to the management and processing of personal data of under-age users.
The conviction stems from an investigation launched by the DPC following breaches of privacy laws in the European Union. In fact, the DPC launched an investigation against Tik-Tok's ByteDance subsidiary, which has almost 150 million users in the United States and 134 million in the European Union. The investigation revealed that the profiles of underage users were automatically set to public mode between July 31 and December 31, 2020.
Among the charges brought against the company by the DPC were the following: children were registered on the platform in such a way that their accounts were defined as public by default; the company did not take the time to check whether the user associated with a minor's account, as provided for in the "family connection" mode, was in fact the parent or guardian, despite the ban; it failed to take into account the risks posed by the application for children under 13 who manage to create an account... and so on.
As a result, the company was fined 345 million euros, and ordered to bring its operations into compliance within 3 months.
Tik-Tok reacted to the verdict by saying it "respectfully disagrees with the decision, in particular the level of the fine imposed". In fact, according to the company, the CPD's criticisms focus on features and settings that were in place three years ago. These would have been modified, notably by the fact that, from now on, the accounts of people under the age of 16 are private by default; or the introduction of a limit of 60 minutes of use per day for children and teenagers.
The company also keeps a close eye on the age of its users, to the point of having deleted almost 17 million accounts worldwide in the first three months of 2023 alone, on suspicion of belonging to people under 13. Finally, in the face of government mistrust, the company announced at the beginning of September that it had begun to host the data of its European users in Ireland, in order to allay fears about its Chinese shareholders.