In September 2021, DPC Ireland started a review into TikTok Technology Limited’s handling of children’s data. They have now submitted a draft decision on the investigation to other EU regulatory bodies. These other bodies will then be able to review the decision and put forward any objections they may have.
The review started a year ago when the DPC started to investigate how the social media giant processes children’s personal data and whether this complies with EU data privacy requirements.
The DPC stated that the investigation focuses on “processing of child users’ personal data in the context of the platform settings of the TikTok platform.” Specifically they have paid attention to the age verification processes for those under 13 and public-by-default data-processing settings for minors under 18. They have also considered whether TikTok complied with GDPR’s transparency obligations with regards to the processing of personal data of users under 18.
The data agency has not commented on what kind of regulatory action will be taken against TikTok yet. Under Article 60 of the GDPR, a final decision will be ready after the draft decision is reviewed and commented on by other EU data protection commissions.
“The DPC has submitted a draft decision to other Concerned Supervisory Authorities across the EU in this TikTok inquiry and they have one month to review this draft decision and to raise any ‘relevant and reasoned objections’ that they may have. We cannot comment on the content of the draft decision as the regulatory procedure is ongoing,”https://today.westlaw.com/Document/Ic7f43e41392111ed9f24ec7b211d8087/View/FullText.html?transitionType=CategoryPageItem&contextData=(sc.Default)&firstPage=true#:~:text=(September%2020%2C%202022)%20%2D,Union%20regulatory%20bodies%20for%20consideration.
If after one month there are no objections the decision will become final and be published and announced to the public. Should any objections come up Ireland’s DPC will work with the objecting organization to resolve the matter. If a resolution cannot be achieved it will be forwarded to the European Data Protection Board.