TikTok faces GDPR investigation into children’s data and transfers in China

Updates from TikTok Inc

Sign up for myFT Daily Digest to be the first to know about news from TikTok Inc.

The Irish Data Commissioner has launched investigations into TikTok into its handling of children’s data and the transfer of user information to China, marking the latest regulatory concerns over the popular video app.

Ireland’s Data Protection Commission, which oversees the application of the EU’s General Data Protection Regulation in the country, said on Tuesday it would review the company’s handling of personal data for less than 18, including company age verification measures for those under 18. -13s.

A second investigation will examine personal data transfers from TikTok to China.

Companies can be fined up to 4% of annual global revenue, or € 20 million, for violating the GDPR. ByteDance reported annual revenue of $ 34.3 billion in 2020, an increase of 111% from the previous year. TikTok is in the process of opening an EU headquarters in Dublin.

“We have extensive policies and controls in place to protect user data and rely on approved methods for transferring data from Europe, such as a standard contract term,” the company said, adding that she would work with the Irish regulator.

The investigations came as TikTok, which gained popularity among teens during lockdowns linked to the pandemic, battles national security and privacy concerns around the world.

Joe Biden’s administration is examining former President Donald Trump’s efforts to ban the app as a national security threat amid broader fears that Chinese companies may share US citizen data with Beijing at espionage purposes.

TikTok said it does not share US user data with the Chinese government. ByteDance held talks last year with several companies, including Microsoft and Oracle, about a possible sale of its U.S. operations in an attempt to resolve tensions with Washington.

Separately, TikTok has been sued for several billion pounds for allegedly illegally collecting personal information from millions of children in the UK and Europe. The claim, which is supported by Anne Longfield, England’s former commissioner for children, argues that children’s data was collected without sufficient consent – which for underage users should be given by an adult – or without transparency.

TikTok has denied the claims, arguing that it has “robust policies” in place to “protect all users, and our teenage users in particular.”

The app has also faced complaints relating to the protection of children’s privacy in the United States. ByteDance was fined $ 5.7 million in 2019 by the Federal Trade Commission for illegally collecting data from children.

In July, TikTok was fined € 750,000 by the Dutch data protection authority for violating the privacy of child users. The regulator argued that by failing to publish its privacy policies in Dutch, the app failed to provide “an adequate explanation of how the app collects, processes and uses personal data” for young users who do not speak English.

The platform has also been under investigation by the UK Information Commissioner’s Office since 2019 for its handling of children’s data. TikTok has said it will cooperate with the investigation.