TikTok Fined £12.7m For Breaching Child Protection Law

TikTok has received a £12.7m fine from the British data protection regulator, the Information Commissioner's Office (ICO) for failing to protect the privacy of over 1m children. This is because it “failed to use children’s personal data lawfully” and “did not do enough” to prevent underage children using its platform the ICO said. 

The video-sharing site used the data of children aged under 13 without parental consent, according to an ICO investigation. The fine is one of the largest the ICO has ever issued.

The Chinese-owned video app had not done enough to check who was using the platform and remove underage children, the Information Commissioner’s Office (ICO) said on 4th April. It estimated TikTok allowed up to 1.4 million UK children of this age to use the platform in 2020. TikTok said it had "invested heavily" to stop under 13s accessing the site. 

UK data protection law does not have a strict ban on children using the Internet but requires organisations that use the personal data of children to obtain consent from their parents or carers.

Despite TikTok's rules requiring children under 13 to have parental consent to use the platform, the ICO said many were able to set up accounts without this. It said that children's data may have been used to track and profile them, and potentially present them with harmful or inappropriate content.

The Information Commissioner John Edwards said in a Statement: "There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws. As a consequence, an estimated one million under-13s were inappropriately granted access to the platform, with TikTok collecting and using their personal data... TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had."  

TikTok is allowed to appeal against the scale of the fine and has 28 days to make representations. If successful, the ICO could reduce the final amount. The regulator has a maximum of 16 weeks, from issuing the notice of a proposed fine to delivering its final verdict.

“Since the conclusion of the ICO’s investigation of TikTok, the regulator has published the Children’s code to help protect children in the digital world. It is a statutory code of practice aimed at online services, such as apps, gaming platforms and web and social media sites, that are likely to be accessed by children,” says the ICO.

In 2019, TikTok was fined $5.7m by the US Federal Trade Commission for similar practices. That fine, a record at the time, was also levied against TikTok for improper data collection from children under 13.

The company subsequently committed to improving its practices and said it would begin keeping younger users in “age-appropriate TikTok environments”, where those under 13 would be pushed into a more passive role, able to watch videos, but not post or comment on the platform.

ICO:      BBC:     Guardian:     Independent:     Mirror:      ITV:    Yahoo:  

You Might Also Read: 

British School Childrens' Confidential Data Dumped:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« AI Revolution: The Future Is Here, Now
President Biden Forbids Spyware From Government Use »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Cleo

Cleo

Cleo is a leader in secure information integration, enabling both ease and excellence in business data movement and orchestration.

NextLabs

NextLabs

NextLabs provides data-centric security software to protect business-critical data and applications.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

KE-CIRT/CC

KE-CIRT/CC

KE-CIRT/CC is the national Computer Incident Response Team for Kenya.

Norwegian Business & Industry Security Council (NSR)

Norwegian Business & Industry Security Council (NSR)

NSR is a member organization serving the Norwegian business sector in an advisory capacity on matters relating to crime and security including cyber.

CyberPoint

CyberPoint

CyberPoint delivers innovative, leading-edge cyber security products, solutions, and services to customers worldwide.

Sangfor Technologies

Sangfor Technologies

Sangfor is a global leader of IT infrastructure, security solutions, and cloud computing.

Document Security Systems (DSS)

Document Security Systems (DSS)

DSS anti-counterfeit, authentication, and brand protection solutions are deployed to prevent attacks which threaten products, digital presence, financial instruments, and identification.

Eunetic

Eunetic

Eunetic IT security solutions - we secure your websites, emails, domains and data.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Verizon

Verizon

Verizon is a leader in IT technology solutions - Verizon Cloud, Networking, Security, Mobility, Machine-to-Machine (M2M), Advanced Communications and Professional Services.

Cisilion

Cisilion

Cisilion's mission is simple – to transform and connect business with next-generation IT infrastructure. Our expertise includes enterprise networking, security, data centre & cloud, managed services.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

AirMDR

AirMDR

Designed by experts, AirMDR solutions cater to the unique demands of security operations centers.

Modat

Modat

Modat is an AI-powered, research-driven company focused on developing products and services that enable cybersecurity professionals to outpace adversaries.