Chinese-owned social media sensation TikTok has been fined almost $16 million for violating provisions of the UK’s General Data Protection Regulation. Credit: TikTok The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law.Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up for the platform in 2020, despite the company’s own rules barring such use.That’s a violation of UK’s General Data Protection Regulation (similar to the EU’s GDPR), the ICO said in a statement. The UK GDPR requires that companies that use personal data to offer services to children under 13 need a parent or guardian’s permission to do so. The regulator also noted that “senior employees” at TikTok were aware of underage users on the platform, and did not respond adequately to the issue. “There are laws in place to make sure our children our as safe in the digital world as they are in the physical world,” said UK Information Commissioner John Edwards in the statement. “TikTok should have known better. TikTok should have done better.” The ICO also charged TikTok with failing to offer clear information to users about how their personal information is collected and used, as well as with failing to ensure that user data was processed lawfully.The UK government had originally intended to fine TikTok more than twice as much as today’s $15.8 million. However, today’s ICO statement said that the company’s arguments convinced regulators not to pursue an earlier, provisional finding that it had also used special category data unlawfully, bringing the total fine down from an original figure of $33.7 million. “Our [$15.8 million] fine reflects the serious impact their failures may have had,” Edwards stated. “They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform.”TikTok said in a statement that it is reviewing the decision. While it disagrees with the UK’s action, a spokesperson said that that the company is pleased that regulators reduced the total fine from its original amount.“TikTok is a platform for users aged 13 and over,” the spokesperson said. “We invest heavily to keep under-13s off the platform.” The Chinese-owned social media giant has long been under fire from western regulators for privacy concerns. Several countries — including the US, UK and Canada — have banned it from use on government devices, while Australia and New Zealand have similar restrictions pending. Related content news Most interesting products to see at RSAC 2024 Tools, platforms, and services that the CSO team recommends 2024 RSA Conference attendees check out. By CSO Staff May 06, 2024 9 mins RSA Conference Security feature AI governance and cybersecurity certifications: Are they worth it? Organizations have started to launch AI certifications in governance and cybersecurity but given how immature the space is and how fast it's changing, are these certifications worth pursuing? By Maria Korolov May 06, 2024 12 mins Certifications IT Training Careers news CISA, FBI urge developers to patch path traversal bugs before shipping The advisory highlights how developers can follow best practices to fix these vulnerabilities during production. By Shweta Sharma May 03, 2024 3 mins Vulnerabilities news Microsoft continues to add, shuffle security execs in the wake of security incidents The company has appointed new product security chiefs as well as a customer-facing CISO as it continues to respond to high-profile attacks on its products and own network. By Elizabeth Montalbano May 03, 2024 4 mins CSO and CISO PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe