Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Data Protection

TikTok’s Trials and Tribulations Continue With UK Data Protection Fine

The UK’s data protection regulator fined TikTok £12.7 million for “failing to use children’s personal data lawfully”

TikTok Data in China

TikTok has been fined £12.7 million (about $15.7 million) for breaches of UK data protection laws.

The UK’s data protection regulator (the ICO) has announced a fine of £12.7 million for “failing to use children’s personal data lawfully”. More specifically, the announcement states more than one million UK children under the age of 13 used the service in 2020; personal data of children was used without parental consent; and “TikTok ‘did not do enough’ to check who was using their platform and take sufficient action to remove the underage children that were.”

John Edwards, the UK Information Commissioner, commented, “There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws… TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had.”

Nevertheless, this fine is a reduction from the ICO’s original notice of intent in September 2022 to fine TikTok £27 million. “Taking into consideration the representations from TikTok, the regulator decided not to pursue the provisional finding related to the unlawful use of special category data. That means this potential infringement was not included in the final amount of the fine set at £12.7 million,” says the announcement.

While this finding will please many privacy and children’s advocates, many others do not believe it is enough. “1.4 million UK kids opened a TikTok account and offered their personal data to be processed,” comments Tara Taubman-Bassirian, a privacy advocate and EU GDPR specialist. “Do we know how and with whom these were shared? What we know is TikTok might pay £12.7 million for it. How much TikTok made and will continue to make… we don’t know.”

This last comment is pertinent. “Why such a drastic reduction of the fine by half, with no injunction to delete the data unlawfully collected?” Does this mean, she asks, “infringement is OK if you pay the price?”

Related: TikTok Attorney: China Can’t Get U.S. Data Under Plan

Advertisement. Scroll to continue reading.

Related: TikTok CEO Grilled by Skeptical Lawmakers on Safety, Content

Related: Why TikTok Is Being Banned on Gov’t Phones in US and Beyond

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cybersecurity Funding

CommandK announced that it has raised $3 million in a seed funding round for a solution designed to help organizations secure sensitive data.