The Dutch Data Protection Authority has imposed a fine of €750,000 on TikTok for violating the privacy of young Dutch users. TikTok provided their privacy statement in English rather than Dutch, which consequently means they did not provide an adequate explanation of how the app collects, processes, and uses personal data.
Failing to do so is an infringement of privacy legislation since it does not allow users a clear idea of what their personal data is being used for. The DPA launched an extensive investigation last year since there were concerns surrounding the privacy of children, who are considered an especially vulnerable category in the eyes of the law and given additional protections under the data protection legislation.
The fine stems from a wider investigation that has since been passed to the Irish Data Protection Authority. Initially, the case could have been investigated by any national authority since TikTok did not have its headquarters in Europe at the time. As it now does, the responsibility falls mainly to Ireland, the country where its headquarters are located.
The DPA’s Deputy Chair Monique Verdier commented: “We are now transferring several results of our investigation to the Irish Data Protection Commission. Initially, TikTok did not have its head office in Europe, and we were able to look into this matter from the Netherlands, but in the course of our investigation, TikTok established operations in Ireland.’
“From that point on, the DPA was only authorised to assess TikTok’s privacy statement because the violation itself had already ended. It is now up to Ireland’s Data Protection Commission to finish our investigation and issue a final ruling on the other possible violations of privacy investigated by the DPA.”
TikTok has now created a Dutch privacy statement, and has appealed the fine.