TikTok threatens new trouble with privacy advocates in the EU. According to the Dutch supervisory authority, the Irish Data Protection Commission (DPC) is now investigating on its own initiative whether the operator of the social network, the Chinese company ByteDance, meets the requirements of the General Data Protection Regulation (GDPR).
In the first case, the Irish experts are examining whether TikTok complies with data protection in connection with platform settings for users under the age of 18 and is taking appropriate measures to verify the age of persons under the age of 13. At the same time, according to one, they want on Tuesday published announcement control the extent to which the provider complies with the transparency obligations of the GDPR when processing personal data of users under the age of 18.
Fine in the Netherlands
It was only in July that the Dutch supervisory authority, the Autoriteit Persoonsgegevens (AP), imposed a fine of 750,000 euros on the operator of the video app, which is particularly popular with children and adolescents. Among other things, she criticized the fact that information for Dutch users was only available in English for a long time and was so difficult to understand. The AP passed further information on to the DPC after TikTok had set up its permanent European headquarters in Dublin and thus falls under the supervision of the Irish authorities.
Their second investigation relates to the transfer of personal data by TikTok to China. Here the DPC wants to sound out whether the service provider complies with the GDPR regulations for the transfer of personal information to third countries. The head of the agency, Helen Dixon, had previously expressed concern that data on EU users could be viewed by technicians in China who are responsible for the maintenance of the app and artificial intelligence (AI).
The DPC already has its hands full with many other internet giants such as Google, Facebook and Twitter, which fall within its area of responsibility. According to critics, it acts as a “bottleneck” in GDPR enforcement. Recently, the authority of the Facebook subsidiary WhatsApp imposed a fine of 225 million euros in one of its first decisions on major cases.
TikTok assured that it would work closely with the inspectors. “Protecting the privacy and security of the community, especially our youngest members, is our top priority,” said the company. Comprehensive relevant guidelines have been introduced and the transfer of data from Europe relies on recognized instruments such as standard contractual clauses.