TikTok may face a £27m fine for a possible breach of UK data protection law by failing to protect children’s privacy on the platform.
The Information Commissioner’s Office (ICO) issued the popular video platform with a provisional notice of intent, signalling the warning before a potential fine.
Between 2018 and 2020, it says TikTok may have processed data belonging to children under the age of 13 – without parental consent, or the necessary legal grounds.
The ICO states that the platform failed to give the required information to its users in a concise, transparent and easily understandable way.
Information commissioner John Edwards said: “We all want children to be able to learn and experience the digital world, but with proper data privacy protections.
“Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement.
“I’ve been clear that our work to better protect children online involves working with organisations but will also involve enforcement action where necessary.”
Mr Edwards also revealed the ICO has a total of six investigations under way into firms providing digital services which have not “taken their responsibilities around child safety seriously enough”.
The Children’s Code was introduced in September 2021, putting in place new data protection codes of practice for online services likely to be used by children.
The code is built on existing data protection laws and includes financial penalties for serious breaches.
The ICO is yet to reach a conclusion on its findings and is ready to “carefully consider any representations” from TikTok before making a final decision.
A TikTok spokesperson said: “While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course.”