TikTok has been fined £12.7 million (about $15.7 million) for breaches of UK data protection laws.
The UK’s data protection regulator (the ICO) has announced a fine of £12.7 million for “failing to use children’s personal data lawfully”. More specifically, the announcement states more than one million UK children under the age of 13 used the service in 2020; personal data of children was used without parental consent; and “TikTok ‘did not do enough’ to check who was using their platform and take sufficient action to remove the underage children that were.”
John Edwards, the UK Information Commissioner, commented, “There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws… TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had.”
Nevertheless, this fine is a reduction from the ICO’s original notice of intent in September 2022 to fine TikTok £27 million. “Taking into consideration the representations from TikTok, the regulator decided not to pursue the provisional finding related to the unlawful use of special category data. That means this potential infringement was not included in the final amount of the fine set at £12.7 million,” says the announcement.
While this finding will please many privacy and children’s advocates, many others do not believe it is enough. “1.4 million UK kids opened a TikTok account and offered their personal data to be processed,” comments Tara Taubman-Bassirian, a privacy advocate and EU GDPR specialist. “Do we know how and with whom these were shared? What we know is TikTok might pay £12.7 million for it. How much TikTok made and will continue to make… we don’t know.”
This last comment is pertinent. “Why such a drastic reduction of the fine by half, with no injunction to delete the data unlawfully collected?” Does this mean, she asks, “infringement is OK if you pay the price?”
Related: TikTok Attorney: China Can’t Get U.S. Data Under Plan
Related: TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content
Related: Why TikTok Is Being Banned on Gov’t Phones in US and Beyond

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign
- Quantum Decryption Brought Closer by Topological Qubits
- IBM Delivers Roadmap for Transition to Quantum-safe Cryptography
- CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief
- Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack
- Open Banking: A Perfect Storm for Security and Privacy?
- Apiiro Launches Application Attack Surface Exploration Tool
- Phylum Adds Open Policy Agent to Open Source Analysis Engine
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
