Sign Up for our Free Newsletter
menu
Solicitors Journal Homepage
  • Home
  • News
  • Digital Edition
  • Practice Notes
    • Area of Law
      • Agricultural
      • ADR & Mediation
      • Asylum & Immigration
      • Aviation
      • Bankruptcy and Insolvency
      • Charities
      • Children
      • Clinical negligence
      • Commercial
      • Competition
      • Construction
      • Conveyancing
      • Costs
      • Crime
      • Data Protection
      • Discrimination
      • Education
      • Employment
      • Energy
      • EU
      • Expert witness
      • Family
      • Financial services & Tax
      • Health & Safety
      • Human rights
      • Inquest
      • Insurance
      • Intellectual property
      • Legal Aid
      • Litigation
      • Maritime
      • Media
      • Mergers & Acquisition
      • Pensions
      • Personal injury
      • Police & Prisons
      • Private client
      • Procedures
      • Professional negligence
      • Property
      • Public Law
      • Regulation
      • Residential
      • Road traffic
      • Vulnerable Clients
    • Management
      • Business Development and Marketing
      • Career development
      • Covid-19
      • Education & Training
      • Equality & diversity
      • Ethics and Compliance
      • Finance
      • Human Resources
      • Knowledge management
      • Leadership
      • Legal services
      • Marketing
      • Pro bono
      • Professional indemnity
      • Regulators
      • Risk & Compliance
      • Technical legal practice
      • Technology
      • Wellbeing
  • Opinion
  • Business
  • International
  • Interview
  • More
    • About
    • Contact Us
    • Subscribe
    • Newsletter
    • FAQ
    • Guide to Authors
    • Media Pack
    • Site Map
  • Contact Us
  • Terms and Conditions
  • Cookie Policy
  • Privacy Policy
  • Follow us:
    Twitter
    LinkedIn
© 2023 Solicitors Journal in partnership with the International In-house Counsel Journal | Picture Credits: Freepix, Unsplash and by permission of the authors
Sian Stephens

Sian Stephens

AssociatePayne Hicks Beach
Quotation Marks

TikTok is set to be fined £27m by the ICO for this recent breach. It would be the largest fine in the ICO’s history, exceeding the record £20m handed to British Airways in 2018

The TikTok breach

Tue Nov 29 2022Opinion
The TikTok breach

Sian Stephens examines the ICO’s recent fine of the social media giant

A notice of intent (a legal document that precedes a fine) was issued by the Information Commissioner’s Office (ICO) to the Chinese-owned app TikTok in September 2022. It has been stated that between May 2018 and July 2020, TikTok may have processed the data of children under the age of 13 without appropriate parental consent. TikTok had failed to provide proper information to its users in a concise, transparent and easily understandable way. The ICO said TikTok may have processed special category data, which is more sensitive personal data requiring additional protection – including ethnic and racial origin, political opinions, religious beliefs, sexual orientation, trade union membership and genetic, biometric or health data – without a ‘legal basis’ or condition under the General Data Protection Regulation (GDPR).

There are six legal bases to choose from to process personal data: consent, contract, legal obligation, vital interests, public task and legitimate interest. If you are processing special category data, a further condition for processing is required together with a legal basis for the processing to be lawful. This recent revelation stems from an investigation the ICO first initiated back in 2019, as the regulatory body revealed that it would be looking into how TikTok collects private data. More specifically, the investigation sought to discover whether TikTok’s practices constitute a breach of the GDPR, which requires companies to put robust measures in place to protect underage users, including addressing how the platform allows children to interact with adults.

Past behaviour

TikTok has been controversial when it comes to issues surrounding children’s privacy, ever since it launched in 2014. The app’s user base has always been broadly very young, and in its early years, the app was arguably not necessarily that careful about screening users by age. There have been many problems with TikTok using children’s personal information and browsing habits for targeted advertising. Ad algorithms sometimes promote gambling sites to children, or show them games with intentionally addictive components. Most alarmingly of all, TikTok has received heavy criticism for promoting dangerous ‘challenges’ that spread among underage users and have caused serious harm and even death.

The fine

TikTok is set to be fined £27m by the ICO for this recent breach. It would be the largest fine in the ICO’s history, exceeding the record £20m handed to British Airways in 2018. This impending fine relates to a class action against TikTok, brought in 2020 by Anne Longfield, a former Children’s Commissioner, for violations of the EU GDPR on behalf of children residents in the UK or the EEA since May 2018. In its decision issued in March 2022, the High Court highlighted that TikTok had breached UK GDPR transparency requirements as to the extent and purpose of children’s data it processed.

ICO developments

The ICO is the UK’s data protection regulator: its role is to regulate and enforce data protection law in the UK, which consists of the UK GDPR and the Data Protection Act 2018. It has the ability to consider complaints, monitor compliance and take enforcement action where appropriate against UK organisations. Enforcement action includes issuing fines of up to £17.5m or four per cent of an organisation’s global annual turnover. Recent developments in respect of the protection of children’s personal data have included the introduction in September 2021 of the ICO’s Children’s Code which (among other things) considers the best interests of the child and parental controls. Online services covered by the Code are wide ranging and include apps, games, connected toys, devices and news services.

The ICO has implemented, on its website, a Children’s Code Self-Assessment Risk Tool for medium to large private, public and third sector organisations to use. This tool helps conduct a risk assessment, focusing on how the UK GDPR and the Code applies in the context of an organisation’s digital service. This is a practical way to achieve a ‘proportionate and risk-based approach to ensuring children’s protection and privacy’. The ICO’s Code and the substantial fine issued to TikTok show a firm commitment by the ICO to protecting children’s privacy

Sian Stephens is a data protection associate at Payne Hicks Beach: phb.co.uk

Tags:
AdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisement
Latest News

Parents and carers to be given new employment protections

Fri May 26 2023

Committee finds plans to level up the country risk failure due to funding concerns

Fri May 26 2023

Government consults on enforcement mechanisms for animal health and welfare offences

Fri May 26 2023

Government expands legal aid eligibility

Thu May 25 2023

Council of Europe identifies serious concerns affecting minorities in the UK

Thu May 25 2023

ONS finds international migration to the UK hit new high in 2022

Thu May 25 2023

Government consults on plans to reduce reporting burdens on businesses

Wed May 24 2023

Committee report finds government not taking harms from alcohol seriously enough

Wed May 24 2023

Committee seeks views on the Digital Markets, Competition and Consumers Bill

Wed May 24 2023
Featured
A closer look at the trademark dispute between retail giants Lidl and Tesco
FeatureThu May 18 2023
A closer look at the trademark dispute between retail giants Lidl and Tesco

Angela Jack dissects the recent ruling in Lidl Great Britain Ltd & others v Tesco Stores Limited & others [2023] EWHC 873 (Ch)

The UK maternity care crisis: £5bn in avoidable damages claims
FeatureThu May 18 2023
The UK maternity care crisis: £5bn in avoidable damages claims

Billions of pounds in NHS damages claims could have been avoided had recommendations from past reviews been followed by action, argues Kerstin Scheel

Understanding Chinese underground banking and the risks
FeatureThu May 18 2023
Understanding Chinese underground banking and the risks

Laurence Howland explores the mechanisms of Chinese underground banking and the red flags

The building blocks for a successful collaborative culture
FeatureThu May 18 2023
The building blocks for a successful collaborative culture

Chris Marston explores the ways in which law firms can establish a powerful collaborative culture

SJ Interview: James Fulforth
SJ InterviewThu May 18 2023
SJ Interview: James Fulforth

The Solicitors Journal spoke to James Fulforth, Kingsley Napley’s newly appointed Senior Partner, about his experiences in the law, his thoughts on the UK’s tech sector and what he hopes to achieve in his new role

Long-awaited reports and controversial bills dominate
ForewordTue Apr 25 2023
Long-awaited reports and controversial bills dominate

Sophie Cameron takes a look at the news in the April Foreword