TikTok, the Chinese-owned video-sharing platform, is being investigated by a data regulator in the European Union (EU) for the processing of children’s information and the transfer of user data to China.
According to a statement issued on September 15, the Irish Data Protection Commission (DPC) will first investigate the processing of personal data in the context of platform settings for users under the age of 18 and age verification measures for persons under the age of 13.
The second investigation will look into whether TikTok transfers data from EU users to China, where its parent company ByteDance is based.
According to The Irish Times, the Data Protection Commissioner, Helen Dixon, warned of data transfer issues in March.
“According to TikTok, EU data is transferred to the United States rather than China. However, we have learned that maintenance and AI engineers in China may be accessing data, “according to the report, which cites Dixon’s speech at an online event.
Tiktok was fined $885,000 by the Dutch Data Protection Authority in July for failing to provide a privacy statement in Dutch. According to the agency, children may not understand how the app collects, processes, and uses personal information.
The Dutch privacy regulator said in a statement that they transferred several findings from their investigation to the Irish Data Protection Commission because TikTok established operations in Ireland during the investigation.
The General Data Protection Regulation (GDPR), the EU’s strict privacy law, allows only one regulator to oversee multinational corporations’ operations in the bloc.
“From that point forward, the DPA was only authorised to assess TikTok’s privacy statement because the violation itself had already ended,” said Monique Verdier, Deputy Chair of the Netherlands Data Protection Authority, in a statement.
“It is now up to Ireland’s Data Protection Commission to complete our investigation and issue a final ruling on the other potential privacy violations investigated by the DPA.”
Companies can be fined up to 4% of their global revenue under GDPR. ByteDance reported $34.3 billion in earnings in 2020, a 111 percent increase year on year.
WhatsApp was fined a record $265 million by Ireland’s privacy watchdog earlier this month for violating GDPR. Since the implementation of GDPR in 2018, the regulator has received complaints about how the app processes personal data, including from users and those who do not use WhatsApp.
According to the statement, “this includes information provided to data subjects about the processing of information between WhatsApp and other Facebook companies.”
TikTok has come under fire in the United States due to its Chinese owner’s security concerns.
“The danger is that the Chinese Communist Party (CCP) could use TikTok to gather sensitive information about Americans,” said Rep. Ken Buck (R-Colo.)
In August 2020, the Trump administration attempted to ban TikTok, claiming that the app could be used by the CCP to spy on Americans, but the order was never enforced due to several court orders. In June, President Joe Biden lifted the ban, instead directing the Commerce Department to conduct a review of apps with ties to the Chinese regime for national security risks.