TikTok has been fined £12.7m for failing to protect the privacy of children, the UK’s data watchdog has said.
An investigation conducted by the Information Commissioner’s Office (ICO) found the video-sharing app breached data protection law.
It says the breaches happened between May 2018 and July 2020.
TikTok says it disagrees with the ICO’s decision.
It is one of the largest fines the regulator has issued. However, it is still half of what the ICO threatened last year.
In September, the watchdog issued TikTok with a “notice of intent” – a precursor to handing down a potential fine.
The ICO estimates that TikTok allowed up to 1.4 million UK children under 13 to use its platform in 2020, despite its own rules not allowing children that age to create an account.
UK data protection law says that platforms that use personal data when offering information to children under 13 must have parental consent.
Information commissioner John Edwards said: “There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws.
“As a consequence, an estimated one million under 13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data. That means that their data may have been used to track them and profile them, potentially delivering harmful, inappropriate content at their very next scroll.
“TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had.”
A TikTok spokesperson told media that the platform invested heavily to stop under 13s accessing the site.
“Our 40,000 strong safety team works around the clock to help keep the platform safe for our community.
“While we disagree with the ICO’s decision, which relates to May 2018 – July 2020, we are pleased that the fine announced today has been reduced to under half the amount proposed last year. We will continue to review the decision and are considering next steps.”