Irish regulators have fined TikTok €345m (£296m) for violating children’s privacy.
The complaint concerned how the social media app handled children’s data in 2020 – particularly around age verification and privacy settings.
It is the biggest fine to date TikTok has received from regulators.
A spokesperson for the social media firm said it “respectfully disagree[s] with the decision, particularly the level of the fine imposed”.
“The criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default,” they said.
The fine was issued by Ireland’s Data Protection Commission (DPC) under the EU’s General Data Protection Regulation (GDPR) privacy law.
GDPR sets out rules that companies must follow when handling data.
The DPC found that TikTok had not been transparent enough with children about its privacy settings, and raised questions about how their data was processed.
Data Protection Commissioner Helen Dixon told BBC News the inquiry also found that accounts made by those aged between 13 and 17 were made public by default on registration, meaning the content they posted was visible to anyone.
“That is precisely at the hands of TikTok because of the way they designed the platform, and we say that infringed the data protection by design and by the default requirements of the GDPR,” Ms Dixon said.
The firm has been given three months to makes its data processing completely comply with GDPR.
Prof Sonia Livingstone, who researches children’s digital rights and experiences at the London School of Economics and Political Science, welcomed the DPC’s decision.
“[Children] want to participate in the digital world without being exploited or manipulated. And that means that platforms must explain how their data are treated and, most important, treat their data fairly, since privacy is a child’s right,” she said.
There remains an investigation under way about whether TikTok has illegally transferred data from the EU to China. TikTok is owned by Beijing firm ByteDance.
Despite the fine being in the hundreds of millions, it is actually smaller than other penalties seen in recent months – such as the €1.2bn (£1bn) fine Meta was given by the regulator in May for mishandling people’s data when transferring it between Europe and the United States.
It is however substantially larger than the £12.7m fine TikTok was issued by the UK data watchdog in April for allowing children aged under 13 to use the platform in 2020.
The fine issued by the DPC specifically refers to 2020, and TikTok took several actions in the years following to make it more compliant.
This included it becoming one of the first social media sites to make accounts for 13 to 15-year-olds private by default in January 2021.
It will also introduce a change this month which will mean all 16 and 17-year-olds signing up to the platform will have their account set to private by default.