Ireland Probes TikTok’s Handling of Kids’ Data
Ireland’s Data Protection Commission (DPC) announced on 14th September that it has opened two investigations into video sharing platform TikTok. The first covers how TikTok handles children’s data, and whether it complies with Europe’s General Data Protection Regulation. The DPC will also examine TikTok’s transfers of personal data to China looking to see if the company meets requirements set out in the regulation covering personal data transfers to third countries.
The Irish regulator’s announcement of two “own volition” enquiries follows pressure from other EU data protection authorities and consumers protection groups which have raised concerns about how TikTok handles’ user data generally and children’s information specifically.
A TikTok spokesperson told TechCrunch, “The privacy and safety of the TikTok community, particularly our youngest members, is a top priority. We’ve implemented extensive policies and controls to safeguard user data and rely on approved methods for data being transferred from Europe, such as standard contractual clauses. We intend to fully cooperate with the DPC.”
On children’s data, the GDPR sets limits on how kids’ information can be processed, putting an age cap on the ability of children to consent to their data being used. The age limit varies per EU Member State but there’s a hard cap for kids’ ability to consent at 13 years old, some EU countries set the age limit at 16.
In Italy this January, TikTok was ordered to recheck the age of every user in the country after the data protection watchdog instigated an emergency procedure, using GDPR powers, following child safety concerns. TikTok went on to comply with the order, removing more than half a million accounts where it could not verify the users were not children.
This year European consumer protection groups have also raised a number of child safety and privacy concerns about the platform. And, in May, EU lawmakers said they would review the company’s terms of service.
In response to the announcement of the DPC’s enquiry, TikTok pointed to its use of age gating technology and other strategies it said it uses to detect and remove underage users from its platform. It also flagged a number of recent changes it’s made around children’s accounts and data, such as flipping the default settings to make their accounts privacy by default and limiting their exposure to certain features.
While on international data transfers it claims to use “approved methods”. However the picture is rather more complicated than TikTok’s statement implies. Transfers of Europeans’ data to China are complicated by there being no EU data adequacy agreement in place with China.