TikTok, the popular video-sharing app owned by China’s ByteDance Ltd., has been hit with a €345 million (approximately US$368 million) fine by the European Union (EU) for alleged violations related to the protection of children’s personal data. The Irish Data Protection Commission, which oversees TikTok because its EU headquarters are in Dublin, found that the social media platform failed to adequately safeguard minors against unnecessary data processing and did not maintain transparency.

This fine comes after intense scrutiny of TikTok’s child safeguarding practices, given its significant user base of young people who engage in activities such as viral dance challenges. TikTok currently boasts more than a billion users worldwide.

The Irish Data Protection Commission has given TikTok a three-month deadline to bring its data processing practices into compliance with the EU’s strict General Data Protection Regulation (GDPR).

TikTok responded to the decision, stating that it respectfully disagrees with the fine’s level, particularly highlighting that the criticisms focused on features and settings that were in place three years ago, which the company claims to have modified well before the investigation began. TikTok’s statement also mentioned that the company set all accounts of users under 16 to private by default as one of the proactive changes made.

In addition to EU scrutiny, TikTok has faced regulatory challenges in the United States, where lawmakers have proposed bills that could potentially block the app. To address these concerns and comply with data protection regulations, TikTok has initiated efforts to segregate data on local servers and engage domestic partners to supervise data access controls.

The Irish watchdog, responsible for regulating numerous major tech companies, initiated two investigations into TikTok in 2021. The investigations were centered around concerns that young users’ data was not adequately protected and aimed to assess the risks associated with certain TikTok user data potentially being accessed by “maintenance and AI engineers in China.”

This recent fine follows the Irish Data Protection Commission’s €405 million fine against Meta Platforms Inc.’s Instagram for mishandling children’s personal data last year. The regulatory landscape for social media platforms is evolving rapidly, with data protection and privacy at the forefront of these changes.