TikTok seems as though it can't stay out of trouble, lately. This time, the popular video-sharing app has been fined £12.7m by the UK watchdog for misusing children's data together with other breaches of the UK GDPR.
The Information Commissioner's Office (ICO) said on Tuesday that "an estimated 1 million under-13s were inappropriately granted access to the platform" as of 2020. Meaning the Chinese-owned app may have illegally collected and used their personal data.
TikTok now risks paying £12.7m in fines to the UK government if failing to prove that any wrongdoings actually occurred.
The news comes as security concerns about TikTok's data practices and links to the Chinese government grow worldwide—with the UK being one of the last countries banning the app from government devices and the US considering a total TikTok ban.
Users will need to connect to a VPN service to keep accessing the app in case a total block would be finally implemented.
"TikTok should have done better"
In an official statement announcing the decision, UK Information Commissioner John Edwards said: "TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had.
"They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform."
The ICO found that, between May 2018 and July 2020, TikTok had been providing their service to users under the age of 13 "without consent or authorization from their parents or carers" going against UK laws.
That isn't everything, though.
"Although the headline in the ICO's press release is that TikTok has been fined for misusing children's personal data, it's interesting to note, particularly with the current spate of government bans on the app on work devices, that the £12.7m fine partly relates to general transparency failures," data lawyer and co-founder of The Privacy Compliance Hub Nigel Jones told TechRadar.
In fact, the Commission also found the social media company responsible for not providing the right information to users on how their data was collected, used, and shared in a way that everyone could understand the consequences.
The social media giant is also said to fail to process UK citizens' personal details in a lawful, fair, and transparent manner.
"We all need to understand exactly what TikTok is doing with our personal data so we can decide for ourselves whether we should delete the app," said Jones.
A TikTok spokesperson ensures the company is investing "heavily to help keep under-13s off the platform," the Guardian reported.
"While we disagree with the ICO's decision, which relates to May 2018 to July 2020, we are pleased that the fine announced today has been reduced to under half the amount proposed last year. We will continue to review the decision and are considering next steps."
The original ICO notice of intent issued in September last year was, in fact, setting the fine at £27 million.
While emphasizing the fact to have changed its practices since the period the ICO investigated - as its CEO recently pledged in front of a congressional hearing in the US - TikTok has now 28 days to make an appeal.