TikTok fined $368 million by European regulators for data protection failure with young users.

In a recent development, European authorities have found popular social media platform Twitter guilty of violating General Data Protection Regulation (GDPR) rules in the way it handles the personal data of its younger users. As a consequence, the social network has been hit with a hefty fine of €345 million ($368 million).

The investigation into Twitter’s privacy protection obligations for users aged between 13 and 17 was conducted by the Irish Data Protection Commission, which serves as the regulator for Twitter as it is headquartered in Ireland and has its first data center located there. The investigation covered the period from July 31 to December 31, 2020, and sought to determine if Twitter had complied with GDPR rules.

The regulator revealed that it found several instances where Twitter had failed to meet its obligations. One of the major violations was that Twitter had set the profiles of child users, those falling within the age range of 13 to 17, to be public by default. This means that anyone could easily access their personal information, including their posted videos, since the default for video sharing was also set as public. As a result, anyone was able to comment on their videos, which raised serious concerns about privacy and child safety.

Furthermore, the investigation revealed that Twitter did not require child users to opt in to features such as Duet and Stitch. These features allowed others to take parts of their videos and create new content without their explicit consent. By not implementing proper safeguards, Twitter put its younger users at risk by exposing them to potential exploitation and misuse of their content.

Another worrying finding was that Twitter allowed child users’ accounts to be paired with adult users’ accounts without verifying whether the adult was their parent or guardian. This enabled the adult user to enable direct messaging for both accounts, despite the feature being potentially unsafe and inappropriate for underage users.

While the Irish Data Protection Commission did not explicitly examine whether Twitter violated GDPR rules in allowing children under the age of 13 to sign up, it did conclude that the platform breached GDPR by failing to implement appropriate measures to protect the privacy and safety of its users, including those under the age of 13.

This is not the first time social media platforms have faced penalties for mishandling children’s data. The UK Information Commissioner’s Office (ICO) had previously fined TikTok £12.7 million ($15.75 million) for similar violations. TikTok had allowed 1.4 million UK children to sign up, even if they were below the age of 13.

The hefty fine imposed on Twitter should serve as a reminder to all social media platforms about the importance of complying with data protection regulations and placing user privacy and safety at the forefront of their operations. It also highlights the need for stricter measures and better parental controls to safeguard minors on these platforms.

In conclusion, this ruling should act as a wake-up call for all social media platforms to reassess their privacy and security protocols. As the digital landscape continues to evolve, it is crucial that companies prioritize user protection, especially when it comes to minors. Only by implementing robust safeguards and ensuring full compliance with data protection regulations can social media platforms establish trust and provide a safe space for users of all ages.

TikTok fined $368 million by European regulators for data protection failure with young users.