Three teens dancing on a music recording

TikTok faces $28m fine for failing to protect children’s privacy

TikTok is no stranger to controversy where data usage is concerned. Back in 2021, the social media dance extravaganza platform agreed to pay $92m to settle dozens of lawsuits alleging harvesting of personal data. There has also been concern with regard to whether or not settings were enough to keep children safe, leading to significant alterations to how those accounts are managed.

Unfortunately for TikTok, it’s back in the news again, and not in a good way. TikTok could be headed for a $28.91m fine, courtesy of the United Kingdom. The fine, related to how children are safeguarded on the app, is the result of a possible breach of the UK’s data protection laws.

The provisional findings of the ICO

The Information Commissioner’s Office (ICO) has issued a statement, which refers to TikTok potentially breaching UK data protection law between May 2018 and July 2020. The statement explains that the ICO has issued TikTok with a notice of intent, which is a legal document which may precede a legal fine.

The ICO claims TikTok may have:

  • Processed the data of children under the age of 13 without appropriate parental consent;

  • Failed to provide proper information to its users in a concise, transparent and easily understood way; and

  • Processed special category data, without legal grounds to do so.

The statement notes that these findings are “provisional”, and that no conclusions should be drawn at this stage around whether “there has, in fact, been any breach of data protection law or that a financial penalty will ultimately be imposed. We will carefully consider any representations from TikTok before taking a final decision”.

In other words: all of these claims and statements come with a rather large “allegedly” tag applied, and TikTok will make a response to these concerns before anything else happens of a legal nature.

TikTok isn’t currently commenting, citing “confidentiality” which makes sense given the intent to formally respond to the ICOs findings.

Tackling the child data problem

This appears to be part of a much bigger drive to ensure children’s data is used safely and correctly by online services. According to the Guardian, The ICO Information Commissioner stated that the ICO is looking at “more than 50” online services to check for child-centric data compliance.

There’s a big push for child safety at the moment, especially with regard to making sure businesses are complying with regulations. Some of these drives are perhaps a little bit controversial, too. For the time being, you can certainly take some action yourself and help your child become a little bit more cyber-savvy in their social media dealings. Check out our articles on helping your child to manage their online reputation, and our five tips for keeping kids safe on social media platforms.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.