Child data protection in the spotlight: TikTok’s €345 million fine

Pandectes GDPR Compliance app for Shopify Stores - Child data protection in the spotlight- TikTok's €345 million fine - Cover

Table of Contents


In a groundbreaking decision that has echoed across the tech industry, TikTok, one of the world’s leading social media platforms, has been fined a staggering €345 million ($367 million) by Ireland’s Data Protection Commission. This massive penalty stems from TikTok’s mishandling of children’s data, highlighting the crucial importance of child data protection in the digital age.

Ongoing investigation and compliance timeline

The €345 million fine imposed on TikTok by Ireland’s Data Protection Commission (DPC) has sparked an ongoing investigation and a strict compliance timeline for the social media giant. Here’s an overview of the key events:

  1. Initial investigation (2021): The DPC announced an investigation into TikTok’s compliance with Europe’s General Data Protection Regulation (GDPR) in 2021, specifically focusing on how TikTok handled children’s data.

  2. Preliminary draft decision (2023): The DPC adopted its final decision regarding the inquiry on September 1, 2023. This decision led to the imposition of the €345 million fine on TikTok for data protection violations.

  3. Compliance timeline (2023): TikTok is now required to bring its data processing practices into compliance with EU regulations within a stringent three-month timeline. This includes addressing the issues related to default account settings, age verification methods, and direct messaging for child users.

  4. Ongoing impact (2023): The fine has significant implications for TikTok and serves as a precedent for data protection enforcement on social media platforms. It has also prompted other tech companies to reevaluate their data handling practices, especially concerning young users.

  5. TikTok’s response (2023): TikTok has acknowledged the fine and is committed to improving its data protection measures. They have highlighted their Family Pairing feature, which aims to enhance parental control over child accounts, as part of their efforts to enhance child data protection.

The TikTok fine and ongoing compliance efforts serve as a significant development in the realm of data protection, emphasizing the importance of safeguarding children’s data on social media platforms.

Pandectes GDPR Compliance app for Shopify Stores - Child data protection in the spotlight- TikTok's €345 million fine - Legal

European Data Protection Supervisor steps in

The European Data Protection Supervisor (EDPS) played a pivotal role in addressing the TikTok fine. In August 2023, the European Data Protection Board (EDPB) issued a significant decision that covered TikTok’s data processing activities from July to December 2020. This decision shed light on TikTok’s data protection practices during that period, setting the stage for further actions in the case.

Subsequently, in September 2023, TikTok faced a substantial fine of €345 million for its failure to protect children’s privacy under the European Union’s General Data Protection Regulation (GDPR). This fine was imposed by the Irish Data Protection Commission, as mentioned above, following an investigation into TikTok’s data handling practices, particularly concerning young users. It marked one of the largest penalties under the GDPR and highlighted the importance of safeguarding children’s privacy on social media platforms.

While the TikTok fine was imposed by a national authority, the involvement of the EDPS underscores the EU’s commitment to upholding stringent data protection standards. The EDPS serves as a key authority in EU data protection and is responsible for monitoring and ensuring the consistent application of data protection laws across the European Union. In this context, the EDPS’s participation reflects the EU’s dedication to protecting individuals’ data privacy, especially concerning vulnerable user groups like children.

The European Data Protection Supervisor plays a vital role in overseeing and coordinating actions related to data protection within the EU. The TikTok fine and the EDPS’s involvement highlight the EU’s commitment to data protection and privacy, particularly when it comes to protecting the personal information of children on online platforms.

TikTok reacts

In response to the €345 million fine imposed by the Irish Data Protection Commission (DPC) for violating EU data protection laws, TikTok has taken several actions to address the situation. The fine, which stemmed from an investigation that began in 2021, marked a significant penalty for the social media giant. TikTok immediately acknowledged the DPC’s decision and expressed its commitment to complying with EU data protection regulations. The company emphasized its dedication to ensuring the privacy and safety of its users, especially children and teenagers who are active on the platform.

As part of its reaction to the fine, TikTok announced plans to enhance its data protection measures and review its policies to align with EU privacy laws. This includes implementing stricter age verification methods to prevent underage users from accessing the platform and strengthening its data processing practices. Additionally, TikTok is expected to work closely with the Irish Data Protection Commission to address the concerns raised and ensure full compliance with GDPR requirements. The company has a three-month timeline to make the necessary changes and improvements to its data protection practices.

Overall, TikTok’s reaction to the substantial fine demonstrates its willingness to cooperate with regulatory authorities and prioritize data protection, especially when it comes to the privacy of children and young users on its platform. The company’s response highlights the importance of stringent data protection measures in today’s digital landscape.

Pandectes GDPR Compliance app for Shopify Stores - Child data protection in the spotlight- TikTok's €345 million fine - TikTok

Irish regulator faces scrutiny over TikTok data handling investigations

The Irish Data Protection Commission (DPC) is indeed facing scrutiny over its investigations into TikTok’s data handling practices. The DPC announced a €345 million fine against TikTok for alleged violations related to the processing of children’s data. However, this action has sparked further investigations and questions regarding the handling of the case.

The DPC’s investigation primarily focused on TikTok’s data processing activities between July 31, 2020, and December 31, 2020. It centered on concerns related to how TikTok handled the data of children during that period. The fine imposed on TikTok was a significant one and underscored the DPC’s commitment to enforcing data protection regulations.

However, there have been calls for a more comprehensive examination of TikTok’s practices, including allegations of the unlawful transfer of European personal data to China. The investigation has also raised broader questions about the regulation of tech giants and the effectiveness of data protection enforcement in the European Union.

While the DPC’s actions against TikTok represent a significant step in enforcing data protection laws, ongoing scrutiny and investigations are expected to continue to ensure that data handling practices by tech companies comply with EU regulations. This case highlights the importance of robust regulatory oversight in the digital age, particularly concerning the protection of children’s data and cross-border data transfers.

TikTok has faced fines from various regulatory authorities, such as in France (CNIL) and the United Kingdom (UK), for different violations. Here are the key fines imposed on TikTok in these regions:

  1. CNIL (France) fine – €5 million: In January 2023, France’s data protection authority, CNIL, fined TikTok €5 million for manipulating cookie consent mechanisms, breaching rules related to cookies, and failing to provide a direct refusal option for users. This fine was related to privacy and consent issues.

  2. UK fine – £12.7 million: In April 2023, the UK’s Information Commissioner’s Office (ICO) imposed a fine of £12.7 million on TikTok for misusing children’s data. This fine was specific to TikTok’s handling of data belonging to children in the UK, emphasizing the importance of safeguarding children’s privacy.

These fines underscore the significance of adhering to data protection and privacy regulations, particularly when handling user data, and serve as a reminder for tech companies to prioritize user privacy and consent.

The impact on tech giants

This substantial fine serves as a stark warning to other tech giants. It underscores the EU’s commitment to enforcing the General Data Protection Regulation (GDPR) and ensuring data protection for all its citizens, especially minors. Tech companies worldwide are now reevaluating their data handling practices, particularly regarding young users.


TikTok’s fine, imposed by European regulators, serves as a significant wake-up call for data privacy. The fine was a result of TikTok’s neglect in protecting children’s privacy and its violations of the General Data Protection Regulation (GDPR). It represents one of the largest penalties ever imposed under the GDPR and highlights the growing importance of safeguarding user data, especially when it involves minors. This landmark decision not only holds TikTok accountable for its data handling practices but also underscores the need for tech companies to adhere to stringent privacy laws. It sends a clear message that regulators are willing to take action against those who fail to protect user data adequately.

Additionally, the case has prompted discussions about cross-border data transfers and the potential unlawfulness of sending European personal data to China. It raises questions about the role of regulators and their ability to oversee tech giants effectively. Overall, TikTok’s multi-million fine serves as a pivotal moment in the ongoing efforts to ensure data privacy and protection, emphasizing the need for transparency, compliance, and accountability among tech companies.

Make your Shopify Store GDPR/CCPA compliant today
Pandectes GDPR Compliance App for Shopify
Subscribe to learn more

You Might Also Like

Scroll to Top