A major European technology regulator has ordered TikTok to pay a €345 million ($368 million) penalty. This decision comes after the regulator determined that the app did not do enough to protect children.
The Irish Data Protection Commission, responsible for overseeing TikTok’s operations in the European Union, announced on Friday that the company had violated the EU’s important privacy law.
An investigation by the DPC found that during the latter part of 2020, TikTok’s default settings did not provide sufficient protection for children’s accounts. For instance, it was discovered that newly created children’s profiles were automatically set to public, allowing anyone on the internet to view them.
TikTok also failed to adequately inform children about these privacy risks. Additionally, the company used tactics referred to as “dark patterns” to encourage users to share more of their personal information.
Another violation of EU privacy law occurred with TikTok’s Family Pairing feature, designed to be a parental control tool. The DPC noted that this feature did not require the adult overseeing a child’s account to be verified as the child’s actual parent or guardian. This oversight meant that theoretically, any adult could weaken a child’s privacy protections.

TikTok introduced Family Pairing in April 2020, enabling adults to link their accounts with those of children to manage screen time, limit access to unwanted content, and control direct messaging to children.
The DPC has given TikTok three months to address these violations, along with issuing a formal reprimand.
TikTok has not yet responded to CNN’s request for comment.
In a blog post on Friday, TikTok expressed its “respectful” disagreement with several aspects of the ruling. The company claimed that many of the criticisms in the decision no longer apply due to measures implemented in early 2021.
These changes included setting both existing and new accounts to private by default for users aged 13 to 15. TikTok also plans to introduce a revamped account registration process for new 16- and 17-year-old users, which will default to private settings.
TikTok did not mention whether Family Pairing would now verify the adult’s relationship with the child. However, the company stated that this feature had been strengthened over time with new options and tools. TikTok emphasized that none of the regulator’s findings concluded that its age verification measures violated EU privacy law.
In April, TikTok was also fined in the United Kingdom for several data protection law breaches, including the misuse of children’s personal data.