Naked Security Naked Security

TikTok investigated (again) over how it handles children’s data and safety

It's already gotten hit with the biggest-ever US child privacy fine, and now it might be facing a fine for GDPR violations.

In February, the US hit the kid-addicting TikTok video-sharing app with the biggest-ever fine for violating the nation’s child privacy law.

Now, it’s the UK’s turn. On Tuesday, information commissioner Elizabeth Denham told a parliamentary committee that the US Federal Trade Commission’s (FTC’s) fine of $5.7 million had triggered a UK probe into how TikTok handles the safety and personal data of underage users, the Guardian reports.

The FTC fine against – now known as TikTok – was for its alleged failure to notify parents that it was collecting and using the personal information of users under the age of 13, that the app never got parental consent before doing so, and that it failed to delete the kids’ information at parents’ request. All of that is illegal under the country’s Children’s Online Privacy Protection Act (COPPA).

Denham told the Guardian that the UK’s probe is investigating whether TikTok has violated the General Data Protection Regulation (GDPR). The investigation is ongoing, she said:

We are looking at the transparency tools for children. We’re looking at the messaging system, which is completely open, we’re looking at the kind of videos that are collected and shared by children online. We do have an active investigation into TikTok right now, so watch this space.

Besides general concerns about how children’s data is collected, there are concerns about the fact that the open message system allows adults to contact kids – a potential violation of GDPR, which “requires the company to provide different services and different protections for children”.

TikTok is insanely popular, but most particularly so with young people. According to Mediakix, the app was downloaded more than 660 million times last year and is used by more than 500 million people globally per month.

It was the most popular app on Apple’s App Store for the whole year and fourth most popular on Google Play. In October, it was the most downloaded app on both Apple and Google’s stores – in other words, it was more popular, globally, than the powerhouses of YouTube, Facebook, and Instagram.

According to App Annie, as of February 2018, 75% of the iPhone user base in February was female and 50% was aged 13 to 24. On Android, those percentages go to 70% female and 60% aged 13 to 24.

There are those who worry that those numbers represent a lot of prey for sexual predators. That was highlighted in February, when Barnardo’s, a major children’s charity in the UK, found that children as young as eight are being sexually exploited online via social media.

When the FTC handed down its fine in February, it said the company had previously been aware that “a significant percentage of users were younger than 13” – the age stipulated by COPPA for strict data protection – and that it had “received thousands of complaints from parents that their children under 13 had created accounts”.

In spite of the complaints, FTC chair Joe Simons said that the company “still failed to seek parental consent before collecting names, email addresses and other personal information from users under the age of 13”.

TikTok’s parent company, Bytedance, is a private startup based in Beijing and is valued at $75 billion. Most of that is thanks to TikTok and its Chinese equivalent, Douyin. At least one Chinese doctor specializing in addiction has warned that young people are so hooked on social media approval that they’ve been risking their lives to garner likes with their 15-second Douyin clips, which have featured things like dancing in front of a moving bus or trying to flip a child 180 degrees… and then dropping her.

GDPR violations can lead to a company being fined up to €20m (£17.9m), or 4% of revenue, whichever is higher. Because it’s a private company, Bytedance doesn’t have to disclose revenue, so we can’t say for sure how big any potential fine that comes out of the UK probe would be.

TikTok sent this statement to the Guardian:

We cooperate with organizations such as the ICO to provide relevant information about our product to support their work. Ensuring data protection principles are upheld as a top priority for TikTok.

Leave a Reply

Your email address will not be published. Required fields are marked *