Tech

Ireland probes TikTok’s handling of kids’ data and transfers to China – TechCrunch

The Irish Data Protection Commission (DPC) has another “Big Tech” GDPR probe to add That mountain: Regulator Said yesterday We have started two studies on the video sharing platform TikTok.

The first explains how TikTok handles children’s data and whether it complies with the European General Data Protection Regulation.

DPC will also investigate the transfer of TikTok’s personal data to China, where the parent company is based, to see if the company meets the requirements set out in the regulations for the transfer of personal data to third countries. Stated.

TikTok was contacted for comment on the DPC investigation.

A spokeswoman told us:

“The privacy and security of the TikTok community, especially the youngest members, is a top priority. Extensive to protect user data and rely on approved methods of data transferred from Europe, such as standard contractual terms. We have implemented policies and controls. We will fully cooperate with DPC. “

The announcement of two “voluntary” investigations by Irish regulators expressed concern about how TikTok handles user data in general, specifically child information. Under pressure from other EU data protection authorities and consumer protection groups.

This in italy January, TikTok was ordered to reconfirm the ages of all users in the country after the data protection watchdog began emergency procedures with GDPR authority following child safety concerns.

TikTok continued to adhere to orders — Delete over 500,000 accounts If you cannot confirm that the user is not a child.

European consumer protection groups also this year Many children’s safety and privacy concerns about the platform.. When, May, EU lawmakers said they would check the company’s terms of service.

For your child’s data, the GDPR puts restrictions on how your child’s information is processed and age limits on your child’s ability to consent to the use of the data. Age limits vary by EU member state, but there is a strict limit on the ability of a child to agree at age 13 (some EU countries have set an age limit of 16).

In response to the announcement of the DPC inquiry, TikTok pointed out the use of age-gating technology and other strategies used to detect and remove underage users from the platform.

I also set some flags Recent changes It is built around your child’s account and data. For example, you can invert the default settings to make your account privacy the default, or limit your exposure to certain features that deliberately facilitate interaction with other TikTok users if you’re 16 or older.

It claims to use “approved methods” during international data transfer. However, this figure is considerably more complicated than the TikTok statement suggests. Transferring European data to China is complicated by the lack of an EU data validity agreement with China.

In the case of TikTok, that is, in order for the transfer of personal data to China to be legal, additional “appropriate safeguards” must be in place to protect the information to the required EU standards.

Without proper arrangements, data managers may rely on mechanisms such as standard contractual clauses (SCCs) and binding corporate rules (BCRs). A statement from TikTok states that it uses SCC.

But, importantly, the transfer of personal data from the EU to third countries has faced significant legal uncertainty since the CJEU’s groundbreaking ruling and has been scrutinized. last year This invalidates major data transfer arrangements between the US and the EU, and DPA (such as the Irish DPC) intervenes and suspends transfers when people’s data is suspected to be flowing to a third country. It became clear that there was an obligation to stop. dangerous.

Therefore, the CJEU did not completely disable mechanisms like the SCC, but basically all international transfers to third countries need to be evaluated on a case-by-case basis, and the DPA is concerned. He said he needed to intervene and pause those unsafe data if he did. flow.

The fact that the CJEU ruling uses a mechanism like SCC does not mean anything about the legality of a particular data transfer. It is also pressing EU institutions such as Ireland’s DPC to actively assess high-risk data flows.

Final guidance issued by European Data Protection CommissionProvides details of so-called “special measures” that can be applied earlier this year to increase the level of protection for certain transfers and allow information to be legally brought to third countries. ..

However, these steps may include technical measures such as strong encryption. Given how social media companies like TikTok can customize the content that platforms and algorithms continuously mine and display user data, it’s not clear how such fixes can be applied. To keep them attracted to TikTok’s advertising platform.

In another recent development, China is just First data protection law passed..

But again, this is unlikely to change significantly with the EU transfer. The ongoing diversion of personal data by the Communist Party administration through the application of drastic digital surveillance means that it is almost impossible for China to meet the EU’s stringent requirements for data validity. To do. (And if the United States couldn’t get the EU’s relevance, it was “interesting” geopolitical optics, and politely, a coveted position to be given to China …)

One factor that TikTok can keep in mind is that TikTok is likely to be on the side when it comes to EU enforcement of data protection rules.

The Irish DPC has a huge backlog of cross-border GDPR investigations against many tech giants.

Was free Early this month The Irish regulator finally made the first decision on a Facebook-owned company — announced a $ 267 million fine on WhatsApp for violating the GDPR’s transparency rules. (However, a few years after the first complaint was filed).

DPC’s first decision in a cross-border GDPR proceeding related to Big Tech has arrived At the end of last year — The year the GDPR began to be technically applied when Twitter was fined $ 550,000 for data breaches dating back to 2018.

Irish regulators have a number of undecided proceedings against major tech companies such as Apple and Facebook. This means that the new TikTok probe is behind a highly criticized bottleneck. And decisions about these probes are unlikely for years.

Regarding children’s data, TikTok may face faster scrutiny elsewhere in Europe. The UK has added some “gold plating” to the EUGDPR version in the field of children’s data — and From this monthStates that it expects the platform to meet the recommended criteria.

Platforms that are not fully compliant with the Age Appropriate Design Code warn that they may face penalties under the UK GDPR. The UK code is said to encourage many recent changes in how social media platforms handle children’s data and accounts.

Ireland probes TikTok’s handling of kids’ data and transfers to China – TechCrunch Source link Ireland probes TikTok’s handling of kids’ data and transfers to China – TechCrunch

Related Articles

Back to top button