TikTok
Issued by Data Protection Commission (DPC) on 2023-09-15
What happened
The DPC fined TikTok €345 million for multiple GDPR violations relating to child users. The platform's default settings made children's accounts public, allowed a "Family Pairing" feature with unverified adults, and used dark patterns in its privacy settings that nudged children toward less privacy-protective options.
Articles violated
Lessons learned
Platforms with minor users must implement privacy by design and privacy by default. Dark patterns in privacy settings violate GDPR transparency requirements. Default account settings for minors must be set to maximum privacy. Age verification and family pairing features require robust safeguards.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.