EU Launches Investigation into TikTok Over Children's Data Privacy Violations

The European Data Protection Board (EDPB) has launched a formal investigation into TikTok for alleged widespread violations of the General Data Protection Regulation (GDPR) regarding the collection, processing, and profiling of children's personal data across all EU member states.

The investigation was triggered by a coordinated complaint from consumer protection organizations in 15 EU countries, alleging that TikTok's age verification mechanisms are ineffective and that the platform systematically collects excessive data from users under 16 without proper parental consent.

Specific allegations include: use of manipulative design patterns (dark patterns) to encourage children to share personal information, insufficient data minimization practices, processing of children's biometric data (face geometry) for filters without explicit consent, and failure to conduct adequate Data Protection Impact Assessments.

If found in violation, TikTok faces potential fines of up to 6% of its global annual revenue under the Digital Services Act, in addition to GDPR penalties of up to 4% of global revenue. Combined, this could result in fines exceeding $5 billion.

TikTok has stated that it takes the protection of young users seriously and has implemented numerous safeguards including default privacy settings for minors, screen time limits, and age-appropriate content filtering. The company has pledged full cooperation with the investigation.