TikTok Information Technologies UK
Issued by Information Commissioner's Office (ICO) on 2023-04-04
What happened
The ICO fined TikTok £12.7 million for a series of breaches of UK data protection law, including failing to use children's personal data lawfully. The investigation found that TikTok allowed up to 1.4 million UK children under 13 to use the platform in 2020 despite its own rules prohibiting under-13s. TikTok failed to implement effective age-checking mechanisms, meaning children below the minimum age were able to create accounts and have their data collected and used for content recommendation algorithms. The ICO determined that TikTok processed children's data without parental consent, violating the special protections afforded to minors under UK GDPR. TikTok was also found to have provided insufficiently clear privacy information to users.
Articles violated
Lessons learned
Platforms likely to be used by children must implement robust age verification mechanisms — terms of service alone are insufficient. When a platform knows or should know that children are using it, special protections must be applied. Data processing of children under 13 requires verifiable parental consent. Companies must be proactive about child safety rather than relying on self-declared ages. The ICO has demonstrated willingness to issue significant fines for child data protection failures.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.