TikTok may face a ($29 million) fine in the U.K. after privacy regulators found failings in the company’s handling of children’s data.
The Information Commissioner’s Office issued TikTok a “notice of intent” informing the Chinese-owned video app of its “provisional view that TikTok breached UK data protection law between May 2018 and July 2020.” It follows an investigation into the company that began in 2019.
According to the ICO, TikTok may have processed the data of children under the age of 13 without parental consent, failed to present information to its users in a way that’s easy to understand, and processed “special category data” — such as information on a person’s race or ethnicity — without legal grounds.
“We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” Information Commissioner John Edwards said in a statement Monday.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”
The ICO noted that its findings are “provisional” and that “no conclusion should be drawn at this stage that there has, in fact, been any breach of data protection law or that a financial penalty will ultimately be imposed.” The ICO can issue a maximum fine amounting to 4% of TikTok’s annual global revenues under the EU’s GDPR, which is still enshrined in U.K. law.