Regulatory Authorities are Investigating Possible Infringements of Data Protection Laws by TikTok

The Dutch data protection regulators accuse TikTok of not adequately protecting minors. In Berlin data protection officers are currently dealing with the app, whose employees had expressed concerns about their personal data. We have the whole story for you here.

Incomprehensible Privacy Policy

The Autoriteit Persoonsgegevens (AP), the authority in charge of data protection in the Netherlands, has imposed TikTok with a fine of 750.000 euros. The data protection regulators accuse the creators of the app of not adequately protecting the privacy of their underage users. The subject of the investigation is, among other things, that the information was only available in English for a long time during installation and use. Especially for younger users, these explanations are often only understandable to a limited extent. You can hardly, if at all, understand what data the app collects, uses and processes. According to the AP, TikTok does not follow the applicable regulations.

The investigation began back in 2020, when concerns first arose that TikTok was not adequately protecting the particularly sensitive group of children. Since the company had not yet registered its headquarters in the European Union (EU), authorities from all EU states were free to conduct investigations.

TikTok now states its EU headquarters in Ireland. However, the responsible supervisory authority, the Data Protection Commission (DPC), is busy with data protection issues from large corporations such as Google, Facebook and Twitter. Meanwhile, the AP has announced that it will forward the findings of its investigation to the DPC so that the agency can make the final judgment. It is considered particularly questionable that minors can register in the app and state their age older than it actually is. This not only increases the risk of being confronted with content that is not age-appropriate, but also for bullying and cyber-grooming. Cyber grooming means adults manipulate minors on the internet in order to initiate sexual contact with them.

Do the Changes Go far Enough?

In the meantime, TikTok has introduced various changes with the aim of making the app safer for users who have not yet reached the age of 16. In addition, parents can access the privacy settings of their children's accounts on their own smartphones. However, these improvements do not go far enough for the AP. Back in january, Italy’s data protection authority already declared that the app could no longer process data from European users if their age was not clearly determined. The reason for this was the death of a ten-year-old girl who strangled herself during a social media dare and died.

TikTok has since appealed the fine. The company argues the privacy policy has existed in Dutch since July 2020. A shorter, more understandable version for younger users is also available.

Employees Also Express Concern About Personal Data

Not only data protection advocates are concerned about TikTok's handling of personal data; employees of the company are also voicing concerns. Allegedly, by order of the company, the employees are forced to load apps onto their private smartphones when working from home. These programs apparently have extensive access rights. The Berlin data protection authority has confirmed receipt of the complaint and is investigating the allegation in detail. Maja Smoltczyk, the Commissioner for Data Protection and Freedom of Information in Berlin states that high standards in terms of law and technology apply to the use of private end devices at work, in order to ensure data protection.

Meanwhile, TikTok emphasises that employee data protection is a high priority. According to the company, there are no plans to load apps onto the employee’s private cell phones. The Berlin data protection authority still wants to thoroughly examine the complaint, especially with a focus on the question of whether the allegation could have international implications. If there are sufficient indications of a violation, the Berlin data protection officers will pass on their results to the Irish DPC so that it can make a final decision.

Staying Protected in the Event of Data Protection Violations

The subject of data protection is complex and despite all efforts to keep track of things, mistakes can easily occur. Claims for compensation from your customers or fines against you can be the result and quickly endanger your financial existence. The Professional Indemnity Insurance from exali, which specializes in digital professions and companies, protects you from financial consequences even in the event of data protection breaches. In case of a damage event, the insurer checks the claims, fends off unjustified requests and pays the damages if the claim is justified. This significantly reduces your risks as an entrepreneur.