Social media and data protection issues seem to go hand in hand.
Data protection issues surrounding the use of social media have always been a cause for concern for individuals, especially when it comes to children’s data privacy.
On 15 September 2023, the video-focused social media platform app, TikTok, was fined €345 million by Ireland’s Data Protection Commission (DPC) over the data privacy of children.
Over a five-month period in 2020, TikTok breached the General Data Protection Regulation (GDPR) principle of fairness and data protection by design and default in processing the data of users aged under 18.
Data protection by design and default requires appropriate technical and organisational measures to be put in place such as encrypting data and regularly updating security protocols. When individuals aged 13-17 created accounts on the app, their accounts were made ‘public’ by default and their content was available for anyone to view.
Ireland’s Data Protection Commission concluded that TikTok had infringed the data privacy of its users aged 13-17. A fine of €345m was imposed.
“…the infringements are all serious in nature and gravity. The infringements concern personal data belonging to children and the infringements increased the risks posed by the processing to the rights and freedoms of those children.”
Further, TikTok was reprimanded and ordered to ensure its processing was compliant within three months.
“the reprimand will contribute towards dissuading future non-compliance by formally recognising the serious nature of the infringements.”
TikTok has form. In April 2023, the Information Commissioner’s Office (ICO) issued a £12.7m fine for its use of the personal data of children contrary to the Data Protection Act 2018.
Fines and reprimands on this scale are a reminder, should one be needed, to be proactive in protecting your customer’s personal data and being compliant with your statutory obligations.