TikTok fined over $368 million for children's data privacy violations in Europe

TikTok was fined over $368 million by European regulators on Friday for its lack of protection of children's personal information.

Why it matters: The app has been under scrutiny for its handling of children's data privacy for years, including by U.S. policymakers.

Driving the news: The Data Protection Commission (DPC), based in Ireland, determined that the app nudged users toward privacy-intrusive options during the account registration process and when posting videos.

• "The fact that profile settings for child users were set to public by default also posed several possible risks to children under the age of 13 who gained access to the platform," the DPC said.
• The violations occurred from July 31, 2020 to Dec. 31, 2020. The commission examined platform settings for child users, age verification and transparency.

Threat level: Children's online safety is getting increased attention all over the world. TikTok faced questioning in Congress over the subject earlier this year.

• The DPC said that a family pairing setting allowed a non-child user, unverified as a parent or guardian, to pair their account to a child's account. This older user could turn off limits on direct messaging for the child.

The other side: "We respectfully disagree with several aspects of the decision, particularly the level of the fine," Elaine Fox, TikTok's head of privacy in Europe, said in a statement.

• The investigation began after the app's settings had already changed and most of the issues at hand have now been addressed, Fox said.
• Accounts for 13-15 year olds are set to private by default. This is soon to come for 16-17 year olds too.
• On videos created by 13-15 year olds, the app has removed the option that allowed any user to comment.
• Family pairing features have changed including screen time limits, muting notifications and a content filtering tool.

What's next: The DPC ordered TikTok to bring the rules to compliance within three months.

• "We'll continue to further strengthen protections for teenagers on TikTok," the app said.

Flashback: In 2019, TikTok agreed to a $5.7 million settlement for violating the U.S.'s Children's Online Privacy Protection Act (COPPA) — the record largest fine at the time in the law's 20+ year history.

• COPPA fines have been more common in recent years. Some tech firms have started to ban ads targeting users under 18 to avoid these penalties.
• Last year, Epic Games, the maker of the Fortnight video game, was fined $520 million to settle allegations of privacy violations and unwanted charges. Of that, $275 million was for violating the COPPA rule.
• In 2019, Google agreed to pay a $150-200 million fine for violating children's privacy laws on YouTube.

Go deeper: TikTok's popularity complicates possible U.S. ban