Discover more from Cyber Oracle
TikTok Faces Staggering €345 Million GDPR Fine for Child Data Mishandling
Plus, Google Settles California Lawsuit for $93 Million: Location-Privacy Claims Raise Consumer Protection Concerns
Irish Data Protection Commission Takes a Stand, Hits TikTok with Massive Penalty for Privacy Violations
In a resounding move, the Irish Data Protection Commission (DPC) has imposed an eye-watering €345 million (approximately $368 million) fine on TikTok for serious breaches of the European Union's General Data Protection Regulation (GDPR) related to the handling of children's data. The investigation, initiated in September 2021, delved into TikTok's processing of personal data concerning users aged 13 to 17 during the period from July 31 to December 31, 2020.
Some of the key findings of the investigation include alarming practices:
Default Public Exposure: Child users' content was set to "public" by default, exposing them to risks from any viewer, whether on TikTok or not.
Transparency Lapse: TikTok failed to provide adequate transparency information to child users about how their data was being handled.
Dark Patterns: The platform employed manipulative design tactics, known as dark patterns, to steer users towards privacy-intrusive options during registration and video posting.
Weak Family Sharing Control: A flaw in the Family Sharing setting allowed non-verified adults to pair their accounts with those of minors, potentially enabling inappropriate interactions.
In addition to the substantial financial penalty, the DPC has mandated TikTok to align its data processing practices with GDPR standards within three months.
Anu Talus, EDPB Chair, emphasized the responsibility of social media companies to present choices to users, especially children, in a fair and transparent manner. She stressed the importance of offering privacy-related options objectively and neutrally, without deceptive or manipulative tactics.
In response, TikTok expressed disagreement with the DPC's decision, arguing that the criticisms pertain to features and settings from three years ago, which have since been revamped, with all accounts for users under 16 now set to private by default. TikTok has not confirmed whether it intends to appeal the ruling.
Furthermore, TikTok announced plans to introduce a revamped account registration process for new users aged 16 and 17, with a default setting of private accounts. The platform boasts approximately 134 million monthly users in the European Union.
This significant penalty follows a €5 million (around $5.4 million) fine levied by the French data protection authority in January 2023, targeting TikTok for cookie consent rule violations and the complex nature of its opt-out mechanism.
These developments highlight the growing emphasis on data protection and privacy enforcement, echoing the recent privacy lawsuit settlement where Google agreed to pay $93 million over allegations of location data collection without informed consent, as brought forth by California's Attorney General.
California Attorney General Unveils $93 Million Settlement Over Google's Alleged Misleading Location-Privacy Practices
In a substantial legal settlement, Google has agreed to pay a hefty $93 million to resolve a lawsuit brought by the state of California. The lawsuit accused the tech giant of engaging in deceptive location-privacy practices that not only misled consumers but also ran afoul of consumer protection laws.
California Attorney General Rob Bonta, commenting on the case, stated, "Our investigation revealed that Google was telling its users one thing – that it would no longer track their location once they opted out – but doing the opposite and continuing to track its users' movements for its own commercial gain."
The lawsuit stemmed from revelations that Google persisted in tracking user locations despite promising otherwise when users opted out of location tracking by disabling the "Location History" setting.
California's complaint against Google alleged that the company collected location data through alternative means and misled users regarding their ability to opt out of location-based personalized advertisements.
With Google amassing over $220 billion in revenue solely from advertising in 2022, this settlement is the latest in a string of financial resolutions Google has entered into to address lawsuits filed by various U.S. states. In November of the previous year, Google agreed to pay $391.5 million to settle similar complaints filed by 40 U.S. states. In January 2023, it settled two distinct lawsuits brought by Indiana and Washington, D.C., for $29.5 million. In May of the same year, Google reached a $39.9 million settlement with Washington state on similar grounds, while also facing a location-tracking lawsuit in Texas.
Despite the settlements, Google has not admitted to any wrongdoing, maintaining that the issues stem from "outdated product policies that we changed years ago." As part of the agreement, Google has committed to providing users with enhanced controls and transparency regarding their location data.
This development comes on the heels of Austrian privacy non-profit NOYB's legal actions against Google-owned Fitbit. NOYB filed three complaints, alleging that Fitbit compelled new app users to consent to transferring sensitive data outside the European Union without sufficient data protection guarantees. NOYB criticized the lack of a withdrawal option, forcing users to delete their accounts to halt the allegedly illegal data processing.
Want to learn how professionals make software? Read about software development and devops with Docker right now on Quest for Code
Kpler - Senior Backend Engineer - Hybrid
1Password - Product Designer, Design Systems - Fully Remote
Roku - Senior Site Reliability Engineer (SRE) - Cardiff, United Kingdom · On-site
DAZN - Full Stack Developer - Appi - Hyderabad, India
Pentair - IT and Cybersecurity Leadership Development Program Internship - Summer 2024 - Golden Valley, MN
GSK - Internship : AI/ML Engineers & Data Scientists/Analysts (Master, PhD, Post-Doc), Belgium - 2023 - Wavre, Walloon Region, Belgium
Intel - Automation Developer - Graphics Software Internship - Gdansk Metropolitan Area, Poland · On-site
Nike - Nike Data Science Graduate Intern - Beaverton, OR
Thanks for reading Cyber Oracle! Subscribe for free to receive new posts and support our work.