Chinese-owned social media sensation TikTok has been fined almost $16 million for violating provisions of the UK’s General Data Protection Regulation. Credit: TikTok The UK’s Information Commissioner’s Office announced today that it has levied a nearly $16 million fine against TikTok for “a number of breaches” of the country’s data protection law.Central to the ICO’s decision to fine TikTok are the estimated 1.4 million UK children under 13 years of age, who were allowed to sign up for the platform in 2020, despite the company’s own rules barring such use.That’s a violation of UK’s General Data Protection Regulation (similar to the EU’s GDPR), the ICO said in a statement. The UK GDPR requires that companies that use personal data to offer services to children under 13 need a parent or guardian’s permission to do so. The regulator also noted that “senior employees” at TikTok were aware of underage users on the platform, and did not respond adequately to the issue.“There are laws in place to make sure our children our as safe in the digital world as they are in the physical world,” said UK Information Commissioner John Edwards in the statement. “TikTok should have known better. TikTok should have done better.” The ICO also charged TikTok with failing to offer clear information to users about how their personal information is collected and used, as well as with failing to ensure that user data was processed lawfully.The UK government had originally intended to fine TikTok more than twice as much as today’s $15.8 million. However, today’s ICO statement said that the company’s arguments convinced regulators not to pursue an earlier, provisional finding that it had also used special category data unlawfully, bringing the total fine down from an original figure of $33.7 million. “Our [$15.8 million] fine reflects the serious impact their failures may have had,” Edwards stated. “They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform.”TikTok said in a statement that it is reviewing the decision. While it disagrees with the UK’s action, a spokesperson said that that the company is pleased that regulators reduced the total fine from its original amount.“TikTok is a platform for users aged 13 and over,” the spokesperson said. “We invest heavily to keep under-13s off the platform.”The Chinese-owned social media giant has long been under fire from western regulators for privacy concerns. Several countries — including the US, UK and Canada — have banned it from use on government devices, while Australia and New Zealand have similar restrictions pending. Related content brandpost Shifting security left: DevSecOps meets virtualization By Anthony Ricco, CMO of Corellium. 01 Jul 2023 4 mins Security news analysis Attackers add hacked servers to commercial proxy networks for profit Proxyjacking allows attackers to sell unknowing victims' unused network bandwidth. By Lucian Constantin 30 Jun 2023 4 mins Cybercrime news Command-and-control framework PhonyC2 attributed to Iran’s Muddywater group PhonyC2 was used to exploit the log4j vulnerability in the Israeli software SysAid, the attack against Israel’s Technion institute, and the ongoing attack against the PaperCut print management software. By Apurva Venkat 30 Jun 2023 4 mins Advanced Persistent Threats Cyberattacks Vulnerabilities news First state-sponsored cyberattack against UK government revealed two decades later Rare insight marks the 20th anniversary of a state-backed malware attack on a UK government department. By Michael Hill 30 Jun 2023 3 mins Cyberattacks Government Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe