Tik Tok and security: the decision from the EU Institutions

Legal - August 23, 2023

In the modern world we’re living in today, technology pervades every aspect of our lives, from the professional to the personal one. There is no longer anyone who does not own a smartphone and use the most popular apps, from the youngest to the oldest. The digital age in which we live makes our daily lives increasingly punctuated by advancing technology, and it is this same technology that often takes possession of our data, even the most sensitive.

There are numerous cases in which people’s privacy has been more or less invaded by technology, starting from the apps downloaded on our cell phones, which although they may seem harmless very often manage to capture private and personal information, which, if they fall into the wrong hands, can greatly harm the whole life of the person concerned.

One of the recent cases that has caused the most stir is the one in which the Tik Tok app has been the undisputed star. Tik Tok has been in the crosshairs of public attention for some time now due to various events that have led this app to be scrutinized for its methods and dissemination by public and institutional bodies.

In particular, the ByteDance-owned app is to date all over the pages of newspapers and social media for alleged violations of children’s privacy.

The story began in 2021, when the Dutch data protection authority hit TikTok with a fine of €750,000. The main reason for that fine concerned the information provided during the installation and use of the app. This information was in English, which did not make it easily understandable, especially for children, who, to a greater or lesser extent, make extensive use of this app. The fact that the privacy statement had not been offered in Dutch was in itself a violation of privacy law, since users have the right to know what happens to their personal data and this must be guaranteed to them in a language they can understand, even and especially when it comes to users who for obvious reasons cannot fully understand their rights due to the imposition of a language barrier.

This event led the Dutch authorities to investigate more thoroughly, and the results of the Dutch investigation were handed over to the Irish Data Protection Commission, also to investigate potential illegalities related to the shipment of European users’ data to China.

Investigations continued, and the Data Protection Commissioner in Ireland revealed problems regarding TikTok’s processing of children’s personal data and age verification measures for children under 13.

The investigation was based on the requirements provided by the EU’s privacy regulation, the General Data Protection Regulation (the so-called GDPR). The Irish regulator wanted to verify whether the Chinese-owned app ensured that its default settings sufficiently protected children’s privacy and whether the company was transparent enough in the way it processed children’s data. One of the toughest issues was also TikTok’s age verification practices, intended to keep minors under 13 out of its platform. TikTok is overseen by the Irish Data Protection Commission because its EU headquarters is in the country. In the beginning, TikTok did not have its headquarters in Europe, but during the Dutch investigation, TikTok established operations in Ireland. If a company is not headquartered in Europe, any EU member state can exercise surveillance over its activities. In the case of companies headquartered in Europe, this responsibility falls primarily on the country where the headquarters is located.

The Irish DPC sent the case to the EDPB (the so known European Data Protection Board) following disagreements with its German and Italian counterparts.

Last April 2023, from London TikTok was also fined £12.7 million for failing to protect 1.4 million British children under 13 in 2020. The so-called Information Commissioner’s Office (ICO) imposed the fine after finding that the company used children’s data without parental consent.

As of today, Brussels also seems to be in a collision fight with TikTok, which had already had some difficulties in Europe, and it does not seem that to date its situation has improved, due to the lack of compliance with certain rules that apply within the European Union. In fact, as early as last February 2023, the European Commission asked its employees to delete the application from their devices for security reasons. Problems of security and lack of transparency in the management of personal data were also found in a report by the French Senate, which, in the absence of clarification within this year rendered by TikTok, called for the suspension of the social in France and the EU.

But that’s not all, because even outside European borders, namely in the United States, TikTok has received a lot of criticism in recent years. Among other things, it has been called an “unacceptable security risk” by the FCC commissioner and has been accused of collecting data on people who do not even use the app by a U.S. nonprofit organization

As for the Chinese giant’s current situation in Europe, according to some sources, TikTok will be fined by Brussels for “violating the privacy of children in the European Union” next September. The fine could be, potentially, in the millions of euros. The European Data Protection Board, which is the independent body that oversees the enforcement of EU privacy provisions, has finally come to a final decision on the now notorious problem of how this social network handles the data of EU citizens, especially when it comes to minors, who are the majority of users using this platform.

On the opposite side, namely TikTok, the company is trying to improve its application and operating rules so as to comply with European regulations and to be compliant with the law. In particular, TikTok has announced some new features for European users. Most importantly, it aims to make it easier for EU users to report illegal content, to allow them to disable personalized recommendations for videos, and to remove targeted advertising for users between the ages of 13 and 17.

The company also stated that its intention is to continue not only to comply with its regulatory obligations, but also, and more importantly, seems to be intent on trying to set new standards through innovative solutions.

The security is one of the themes that is increasingly discussed and every day presents a new facet that needs to be addressed. Every day a new risk arises, a new danger that can affect international, national and personal security. Therefore, it is necessary to deploy all the most appropriate tools to counter these new dangers related to the era we are living in, protecting and defending safety and security more and more.

It is therefore more important than ever in this digital era to take into account all the evolutions that technology is experiencing, connecting technology with the law. It is only in this way, that is, through the innovation of existing regulations that security can be guaranteed. Above all, it is essential that if the law that is in force within the European Union is violated, and it is violated to the detriment of weaker people such as minors may be, those who do not comply with it are punished and serve the right penalties, not only from an economic point of view, but possibly also penal when necessary. The issue of security must remain high on the European agenda, and above all, interference from third parties must be promptly and firmly spoilt.