Small video sharing platform TikTok could be hit with a £27 million fine, over alegations of not being able to protect children’s privacy while they use the platform.

According to the UK’s Information Commissioner’s Office (ICO), the video-sharing website may have processed underage users’ data without getting their consent.

The watchdog stated that the breach occurred over a period of more than two years, from July 2020, but that it had not yet reached a final determination.

TikTok claims that it disagrees with the findings and calls them “provisional.”

TikTok Inc. and TikTok Information Technologies UK Limited have received a “notice of intent” from the ICO, a legal document that comes before a potential fine.

The notice outlines the ICO’s preliminary conclusion that between May 2018 and July 2020, TikTok violated UK data protection law.

The social media platform may have processed children’s personal information under the age of 13 without getting the proper parental consent, according to the ICO investigation. It might also have processed special category data without having legal justification, failing to provide users with accurate information in a clear, transparent, and understandable manner.

Despite its policies forbidding under-13s on the platform, 44% of eight to 12-year-olds in the UK use TikTok, according to Ofcom.

We all want children to be able to learn about and experience the digital world, but with appropriate data privacy protections, according to Information Commissioner John Edwards.

“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.”

TikTok has implemented a number of features to improve user privacy and security, such as letting parents link their accounts to those of their kids and disabling direct messaging for users under the age of 16.

“I’ve been clear that our work to better protect children online involves working with organisations, but will also involve enforcement action where necessary. In addition to this, we are currently looking into how over 50 different online services are conforming with the Children’s Code, and have six ongoing investigations looking into companies providing digital services who haven’t, in our initial view, taken their responsibilities around child safety seriously enough,” But Edwards added.  

The Children’s Code, which was implemented in September of last year, established new data protection codes of conduct for online services that children are likely to access, built on existing data protection laws, with the possibility of financial penalties for serious violations.

The ICO stated that the conclusions it reached in the notice were only preliminary and that it was too early to draw any conclusions about whether there had been a data protection law violation.

“We will carefully consider any representations from TikTok before taking a final decision,” it added.

“This notice of intent, covering the period May 2018-July 2020, is provisional and as the ICO itself has stated, no final conclusions can be drawn at this time. While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course,” said a TikTok spokesperson.

The company received a record-breaking $5.7 million fine from the Federal Trade Commission in 2019 for improper handling of children’s data.

South Korea has imposed a fine on it for comparable reasons as well.

A proposal to raise the age at which children receive special online privacy protections to 16 and outlaw targeted advertising to children without their consent was approved by the US Senate Commerce Committee in July.

(Adapted from TechCrunch.com)