The Guarantor on TikTok: privacy of minors at risk
Today the Privacy Guarantor announces the launch of a formal proceeding against TikTok listing a series of violations attributed to the platform: scarce attention to the protection of minors, a ban on enrollment for children that can be easily circumvented, little transparency and clarity in the information provided to users , default settings that do not respect personal data.
The authority challenges TikTok first of all for an unstructured registration method in order to adequately protect minors. The formal ban on creating an account for anyone under 13 is too easy to bypass, just enter a false date of birth. Therefore, compliance with the provisions of the Italian rules on the subject which requires the explicit consent authorized by the parents or by whoever has parental responsibility of the child under the age of 14 is also lacking.
data protection has opened a formal proceeding on the risks to the #privacy of #TikTok, the social network used by young people to create and share videos. The protection of minors is fundamental and what is illegal offline must also be online
- Paola Pisano (@PaolaPisano_Min) December 22, 2020
Emphasis is also placed on the information issued to users, standardized and not designed to take into account the specific needs of minors, while a section specifically for children should be created, written in simple language, accessible and with effective alert mechanisms in signaling potential risks.
Another point taken into consideration is that concerning data retention times: indefinite with respect to the purposes for which they are collected. The anonymization methods that the social network claims to apply are not indicated. The same applies to the transfer of information to countries outside the European Union.
Finally, the platform sets the profile as public by default, exposing it to maximum visibility, without this being decided proactively by the person concerned unlike what the law provides.
TikTok and more specifically the parent company ByteDance that controls the social network are now given 30 days to send defensive memos and possibly ask to be heard.
Source: Privacy Guarantor
TikTok: the violations detected by the Privacy Guarantor
The investigation was started in March, bringing to light a series of practices implemented by the social network network and deemed non-compliant with the regulatory framework that regulates the protection of information and members. What makes the issue particularly important is the average age of users, often young or very young.The authority challenges TikTok first of all for an unstructured registration method in order to adequately protect minors. The formal ban on creating an account for anyone under 13 is too easy to bypass, just enter a false date of birth. Therefore, compliance with the provisions of the Italian rules on the subject which requires the explicit consent authorized by the parents or by whoever has parental responsibility of the child under the age of 14 is also lacking.
data protection has opened a formal proceeding on the risks to the #privacy of #TikTok, the social network used by young people to create and share videos. The protection of minors is fundamental and what is illegal offline must also be online
- Paola Pisano (@PaolaPisano_Min) December 22, 2020
Emphasis is also placed on the information issued to users, standardized and not designed to take into account the specific needs of minors, while a section specifically for children should be created, written in simple language, accessible and with effective alert mechanisms in signaling potential risks.
Another point taken into consideration is that concerning data retention times: indefinite with respect to the purposes for which they are collected. The anonymization methods that the social network claims to apply are not indicated. The same applies to the transfer of information to countries outside the European Union.
Finally, the platform sets the profile as public by default, exposing it to maximum visibility, without this being decided proactively by the person concerned unlike what the law provides.
TikTok and more specifically the parent company ByteDance that controls the social network are now given 30 days to send defensive memos and possibly ask to be heard.
Source: Privacy Guarantor