The “luck of the Irish” is all bad for social media companies regarding data privacy. Now, TikTok was fined $368 million for its data privacy violation.

According to the AP, TikTok was fined $368 million today by the Ireland’s Data Protection Commission (DPC) for failing to protect children’s privacy, the first time that the popular short video-sharing app has been punished for breaching Europe’s strict data privacy rules.

The Irish DPC said it was fining TikTok 345 million euros and reprimanding the platform for the violations dating to the second half of 2020.

The investigation found that the sign-up process for teen users resulted in settings that made their accounts public by default, allowing anyone to view and comment on their videos. Those default settings also posed a risk to children under 13 who gained access to the platform even though they’re not allowed.

Also, a “family pairing” feature designed for parents to manage settings wasn’t strict enough, allowing adults to turn on direct messaging for users aged 16 and 17 without their consent. And it nudged teen users into more “privacy intrusive” options when signing up and posting videos, the watchdog said.

TikTok said in a statement that it disagrees with the decision, “particularly the level of the fine imposed.”

The company pointed out that the regulator’s criticisms focused on features and settings dating back three years. TikTok said it had made changes well before the investigation began in September 2021, including making all accounts for teens under 16 private by default and disabling direct messaging for 13- to 15-year-olds.

“Most of the decision’s criticisms are no longer relevant as a result of measures we introduced at the start of 2021 — several months before the investigation began,” TikTok’s head of privacy for Europe, Elaine Fox, wrote in a blog post.

The Irish regulator has been criticized for not moving fast enough in its investigations into Big Tech companies since EU privacy laws took effect in 2018. For TikTok, German and Italian regulators disagreed with parts of a draft decision issued a year ago, delaying it further.

The Irish DPC may not have moved as fast in its investigations, but they sure do have impact! They fined Instagram $432 million in June 2022 for mishandling teenagers’ personal information, fined Meta (Instagram’s parent company) $277 million in November 2022 for failing to protect personal information on 533 million Facebook users that showed up on a hacker website last year, and fined Meta again a record $1.3 Billion in May 2023 for failing to comply with a 2020 decision by the EU’s highest court that Facebook data shipped across the Atlantic was not sufficiently protected from American spy agencies.

That’s a total of $2.377 billion over just four fines! That’s why the “luck of the Irish” is all bad for social media companies regarding data privacy.

So, what do you think? Are you surprised that TikTok was fined $368 million? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.