Europe’s war against privacy issues keeps on rolling, with TikTok being the latest social media platform to be fined. This fine – amounting to €345 million or R6.8 billion – was for how it dealt with children’s accounts under the EU’s very strict General Data Protection Regulation (GDPR) privacy legislation.
The Irish Data Protection Commission (DPC), which oversees TikTok because its European headquarters are in Dublin, found the app’s “public-by-default” settings meant anyone could see what a child posted, whether they were TikTok subscribers or not.
The DPC also targeted its “Family Pairing” feature, which allowed an adult’s account to be “paired” with the child’s – even if TikTok had not verified if the adult was a parent or guardian. It received another fine for not properly protecting under-13s who were automatically placed on the default public setting.
“TikTok did not implement appropriate technical and organisational measures to ensure and to be able to demonstrate that the foregoing processing was performed in accordance with the GDPR,” the DPC found.
Irish Data Protection Commissioner Helen Dixon said: “Alone the fine of €345m is a headline sanction to impose but reflects the extent to which the DPC identified child users were exposed to risk in particular arising from TikTok’s decision at the time to default child user accounts to public settings on registration”.
The result of this “public-by-default setting of accounts meant that anyone – either on or off the TikTok platform – could view the social media content of child users,” she added. “Child users were not adequately informed of the scope and consequences of the processing of their personal data on the platform.”
That pretty much sums up most social platforms’ attitudes to their users, whether they are children or adults. Facebook whistleblower Frances Haugen’s now immortalised quote that it “prioritised growth over safety” is still true of all the other social giants.
TikTok has three months to remedy this.
This is the first EU fine for the app and its Chinese owner ByteDance – but unlikely to be its last. There is a second investigation into EU privacy law infringements on how EU citizens’ data was transferred to China.
Tech firms can be fined up to 4% of global turnover under GDPR regulations – so they are therefore very aware of fixing such problems. The EU is also spearheading recently enacted legislation aiming at reigning in Big Tech’s monopolistic power and control.
Read More: The Titanic never sank on TikTok
The Digital Markets Act is to “ensure a level playing field for all digital companies, regardless of their size,” according to the European Parliament, including rules that “stop them from imposing unfair conditions on businesses and consumers”.
The Digital Services Act will give “people more control over what they see online” including “why specific content is recommended” and to opt out of profiling.
“Targeted advertising will be banned for minors and the use of sensitive data, such as sexual orientation, religion or ethnicity, won’t be allowed,” the EU says.
Thankfully, there are some grownups in the global room who are tackling social media and its surveillance capitalism with vigour. We need more of that everywhere, and definitely more of that in South Africa.
- This originally appeared in Financial Mail.