TikTok — Enforcement
Executive Summary
The Irish DPC fined TikTok €345 million for GDPR violations related to children's data (ages 13–17). Child accounts were set to public by default, the Family Pairing feature allowed unverified adults to weaken children's privacy settings, and TikTok employed dark patterns nudging children to post publicly. TikTok was ordered to bring processing into compliance within three months.
What Happened
On September 1, 2023, the Irish Data Protection Commission fined TikTok Technology Limited €345 million for multiple GDPR violations related to children aged 13-17 during the period from July 31 to December 31, 2020. The violations included setting child accounts to public by default, insufficient transparency about default settings, inadequate safeguards in the Family Pairing feature, and using dark patterns that violated the fairness principle. TikTok was found to have infringed eight GDPR articles covering data minimization, security, accountability, privacy by design and default, transparency, and fairness, and was ordered to bring its processing into compliance.
Who Is Affected
Children aged 13 to 17 who used TikTok between July and December 2020 are affected, as their accounts were automatically set to public and their personal data was exposed without adequate privacy protections. The Family Pairing feature also allowed unverified adults to weaken children's privacy settings during this period. While the inquiry focused on this specific timeframe, the enforcement decision requires TikTok to implement systemic changes to protect child users going forward.
Why It Matters
This €345 million fine represents one of the largest GDPR penalties for failures specifically related to children's data protection and sets a significant precedent for how social media platforms must handle minors' privacy. The case demonstrates increased regulatory scrutiny of default settings, dark patterns, and privacy-by-design obligations when vulnerable users are involved. The European Data Protection Board's intervention to add the fairness violation shows growing consensus among EU regulators that manipulative design practices violate fundamental data protection principles.
What You Should Do
If you are a parent or guardian of a child who uses TikTok, review and adjust their account privacy settings to ensure the profile is set to private rather than public. Use TikTok's Family Pairing feature only with verified family members and regularly check what privacy controls are enabled on your child's account. If your child used TikTok during the affected period with a public account, consider what personal information may have been exposed and discuss online privacy practices with them.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.
Sources