It is the first time ByteDance-owned TikTok has been reprimanded by the DPC, the lead regulator in the EU for many of the world's top tech firms due to the location of their regional headquarters in Ireland.
 

A spokesperson for TikTok said it disagreed with the decision, particularly the size of the fine, and that most of the criticisms are no longer relevant due to measures it introduced before the DPC's probe began in September 2021.


 

The DPC said TikTok's breaches included how in 2020 accounts for users under the age of 16 were set to "public" by default and that TikTok did not verify whether a user was actually a child user's parent or guardian when linked through the "family pairing" feature.
 

TikTok added stricter parental controls to family pairing in November 2020 and changed the default setting for all registered users under the age of 16 to "private" in January 2021.
 

TikTok said on Friday it plans to further update its privacy materials to make the differences between public and private accounts clearer and that a private account will be pre-selected for new 16-17-vear-old users when they register for the app later this month.
 

The DPC gave TikTok three months to bring all its processing into compliance where infringements were found.
 

It has a second probe open into the transferring by TikTok of personal data to China and whether it complies with EU data law when moving personal data to countries outside the bloc.
 

It had 22 inquiries open into multinationals based in Ireland at the end of 2022.