How can we help?


TikTok is fined £12.7 million by the ICO for failing to safeguard children’s data

The popular social networking app TikTok, which allows users to record and share short videos, was fined £12.7 million on 4 April 2023 by the Information Commissioner’s Office (ICO) for breaching data protection laws.

What laws did TikTok breach?

  • Parental consent

Under article 8 of the UK General Data Protection Regulation (UK GDPR), an organisation must have parental consent if it wishes to use personal data when providing information society services to children under 13.  TikTok was accused of exploiting these regulations by using children’s personal information without their parents’ consent during the period between May 2018 to July 2020. The networking app allowed up to 1.4 million UK children under the age of 13 to use its platform, notwithstanding that its terms and conditions specify 13 as the minimum age to register an account.  It was later discovered that, at the time, TikTok’s systems were insufficient to enforce this age restriction.

  • Transparent information

Article 12 of the UK GDPR states that individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under UK law. For example, an organisation must disclose to the individual: the reasons why their personal information is being processed; how long that information will be kept; and who it will be shared with. Consequently, TikTok breached article 12 of the UK GDPR because it did not adequately inform its users of how their data was being gathered, used, and shared.  As a result, users were not able to make informed decisions, particularly those under the age of 13, which was a fundamental breach.

  • Unlawful processing

Taking into the account the above, TikTok breached a key principle of the UK GDPR under article 5(1)(a) for the unlawful processing of children’s personal data in an unfair and untransparent way.

These findings were concluded by the ICO as a result of its extensive investigation into TikTok.

TikTok breached article 12 of the UK GDPR because it did not adequately inform its users of how their data was being gathered, used, and shared.

The ICO investigation

The ICO alleged that the app’s efforts to identify and ban users who were underage fell short.  Workers of TikTok reportedly expressed worries to senior staff about the lack of underage profiles that were being removed.  Thus, TikTok may have used children’s data to track and profile them, potentially exposing children to dangerous or inappropriate content.  Mr John Edwards from the UK Information Commissioners Office said “all that was required was a self-certification that the applicant was over 13, by clicking a box with no verification, with no extra checks. We understand that there are now significantly more checks and balances in place to detect that kind of thing.” He also added “there are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws”.

Although a representative for TikTok said the company disagrees with the ICO’s decision, TikTok is grateful that the fine has been reduced by over half.  This is because the original ICO notice of intent for TikTok in September 2022 suggested the fine should be up near £27 million. However, after considering TikTok’s arguments, the ICO decided against pursuing the initial finding of “improper use of special category data”, which subsequently decreased the fine to £12.7 million.

Codes of Conduct

As the investigation of TikTok came to a close, the ICO released the ‘Children’s code’ in order to better safeguard children in the digital world.  The Children’s code is a legal framework that sets out fifteen standards of conduct for online services that are likely to be utilised by minors. These include: websites, smart device apps, video sites, streaming platforms, games sites and social networking platforms. It is envisaged that, through effective compliance and governance, these standards will work as an aid in decreasing violations of the data protection laws surrounding children.

For more information on the data protection legislation or if you require advice or an audit as to whether your business currently meets UK GDPR standards, please feel free to contact a member of the Data Protection Lawyers.

About this article

This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.

About this article

Read, listen and watch our latest insights

  • 10 July 2024
  • Employment

Redundancy : Back to Basics FAQs

Redundancy can be a scary and overwhelming time both for employees being made redundant, and for those that have to make the decision. It is important for both parties to know their rights and obligations in this time.

  • 27 June 2024
  • Employment

TUPE Podcast Series: What Transfers

In this sixth podcast in our TUPE Podcast Series, Amanda Glover will delve into the automatic transfer principle and what transfers to the incoming employer under TUPE.

  • 24 June 2024
  • Employment

Rethinking health in UK workplaces for a more productive future – Amanda Glover writes for Business Voice magazine

In Business Voice magazine, Amanda Glover discusses the record high levels of sickness absence in the UK and how employers should rethink workplace health for a production future.

  • 24 June 2024
  • Employment

Amanda Glover comments on the Conservative and Labour manifestos for HR Grapevine

In HR Grapevine, Amanda Glover, Associate at Clarkslegal, comments on the manifesto pledges for workplaces by the Conservative Party and the Labour Party.

  • 21 June 2024
  • Employment

Navigating the Labour Party’s New Deal for Working People: Legal implications post-election

Following the success of our seminar in Reading, we are pleased to announce that we will host the event again at our London office post-election. Please join Monica Atwal and Amanda Glover, for this in-person seminar on Thursday, July 11th, where they will discuss the Labour Party’s New Deal for Working People.

  • 19 June 2024
  • Employment

Are your employee benefits attracting and retaining top talent

The country’s economic outlook continues to improve, but many companies and employees are still under pressure due to high inflation and the resulting cost of living crisis.