TikTok was fined €750,000 by the Dutch Data Protection Authority (AP) for violating Article 12(1) GDPR. The AP can impose a fine of up to €20 million or 4% of the total worldwide annual turnover for such infringements. The infringement was classified as category III with a penalty range of €300,000 to €750,000, with the AP increasing the basic amount of the fine by €225,000 to the maximum of the penalty range due to the gravity and duration of the breach. The breach affected a large number of data subjects, including approximately 830,000 Dutch children under the age of 18 who were less aware of the risks and their rights in relation to the processing of their personal data.
TikTok Inc. and Dutch DPA
Press release/22 July 2021
Related deceptive patterns
The trick wording deceptive pattern takes advantage of user expectations and ambiguous language to mislead and deceive users. It is normal for users to scan-read when they are online, as a way to cope with the sheer volume of information they are faced with. This means they don't read and dwell on every word on every page. Trick wording usually takes advantage of the scan reading strategy, by making a piece of content look like it is saying one thing, when in fact it is saying something else that is not in the user's best interests.
Ensures transparent information and easy access for individuals to their personal data processing, with the right to obtain a copy in a clear and common format.
Specifies required information for data subjects when collecting personal data from other sources, including controller identity, processing purposes, personal data categories, recipients, and retention period.
Empowers supervisory authorities to carry out investigations and order controllers and processors to comply with the regulation.
Outlines conditions for fines and penalties for non-compliance, including up to 4% of global annual revenue or €20 million, whichever is greater.
Outlines the use and calculation of administrative fines for violations of privacy laws.