As the UK’s data privacy regulator, the ICO is tasked with ensuring companies and individuals comply with the country’s data protection laws. As part of this duty, the ICO investigates public complaints of personal data infringement. Though the investigative process is confidential, the ICO records and investigates every complaint and data breach record. TikTok will have 30 days to respond to the findings. The ICO also said that its notice does not mean TikTok has conclusively violated UK’s laws, however, if found guilty, the social media giant could be fined up to 4% of its annual global turnover. “The Commissioner’s findings in the notice are provisional,” the ICO’s official statement reads. “No conclusion should be drawn at this stage that there has, in fact, been any breach of data protection law or that a financial penalty will ultimately be imposed. We will carefully consider any representations from TikTok before taking a final decision.”
ICO’s Provisional Findings
In its investigation into TikTok’s privacy practices, the regulator said it found that certain policies, between May 2018 and July 2020, may be in violation of UK law. Consequently, it issued a “notice of intent” to TikTok — a legal document that signals the ICO’s intent to levy a fine. The ICO’s provisional findings are listed below: “We all want children to be able to learn and experience the digital world, but with proper data privacy protections,” UK Information Commissioner John Edwards said. “Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement,” Edwards added.
TikTok Disagrees With ICO, Prepares Formal Response
TikTok has publicly disagreed with the ICO’s provisional fine and is planning to issue a formal response to the regulator. “While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course,” a TikTok spokesperson told CNBC. In recent years, TikTok’s privacy practices, especially concerning children, have been under heavy scrutiny all over the globe. Last year the Irish Data Protection Authority launched two investigations into its data protection practices and whether it complies with the GDPR. In October 2021, a U.S. Senate subcommittee called TikTok’s vice president and head of public policy, Michael Beckerman, to provide testimony on the platform’s impact on young children. The company also faced a lawsuit in the UK for allowing children younger than 13 to join and use the platform. This issue was also brought up in the ICO’s findings. The ICO’s investigation and provisional decision show that the heat is still very much on TikTok. If you found this story interesting and want to know more about safety and privacy for kids online, we recommend checking out our ultimate TikTok child safety guide.