TikTok Facing £27m Fine From UK Data Commissioner

TikTok Facing £27m Fine From UK Data Commissioner


TikTok is facing a £27 million fine after the UK’s Information Commissioner’s Office (ICO) provisionally determined that it violated child data protection regulations over a two-year period.

The ICO said that social media giant “may have” processed data of children under the age of 13 without parental consent between May 2018 and July 2020.

Additionally, it said the company may have “failed to provide proper information to its users in a concise, transparent and easily understood way” and “processed special category data, without legal grounds to do so.”

Special category data relates to personal data in categories including sexual orientation, religion, race and ethnicity, political views, and genetic and biometric information.

The ICO originally launched its investigation in 2019 into how TikTok obtains personal information. The investigation looked into whether its actions violated the General Data Protection Regulation (GDPR), which requires businesses to implement strong safeguards to protect users under the age of 18, including taking into account how the platform enables children to interact with adults.

Following its investigation, the ICO has now sent a “notice of intent” – a legal document outlining its findings before making a final decision — to TikTok Inc. and TikTok Information Technologies UK Limited, allowing them the opportunity to reply.

The ICO stressed that “no conclusion should be drawn at this stage” in terms of whether there has been a breach of data protect law, or that any fine will in fact be imposed.

A TikTok spokesperson says: “This Notice of Intent, covering the period May 2018 to July 2020, is provisional and as the ICO itself has stated, no final conclusions can be drawn at this time. While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO in due course.”

The data privacy policies of the video social network controlled by ByteDance have come under growing scrutiny. In the USA, the US Federal Trade Commission (FTC) fined ByteDance $5.7 million in 2019 for violating the Children’s Online Privacy Protection Act (COPPA). More recently, TikTok was forced to postpone a planned privacy policy change in Europe that would have prevented it from requesting users’ permission for targeted advertising.

In addition, a UK High Court judge recently approved a class action-style case against TikTok about its management of children’s data. The claim was first brought by a 12-year-old back in 2020.

According to existing legislation, the UK has the authority to fine businesses that violate the Data Protection Act or the UK GDPR up to £17.5 million ($19 million), or 4% of their global sales.


Gill Laing is a qualified Legal Researcher & Analyst with niche specialisms in Law, Tax, Human Resources, Immigration & Employment Law.

Gill is a Multiple Business Owner and the Managing Director of Prof Services - a Marketing Agency for the Professional Services Sector.

lawble newsletter sign up

Subscribe to our newsletter

Filled with practical insights, news and trends, you can stay informed and be inspired to take your business forward with energy and confidence.