Ireland: Issued Data Protection Commission ruling in investigation intoTikTok's children's data processing practices compliance with GDPR

On 1 September 2023, the Data Protection Commission (DPC) issued its ruling in the investigation into TikTok's children's data processing practices compliance with the General Data Protection Regulation (GDPR). The DPC imposed a EUR 345 million fine on Tiktok over GDPR violations and issued an order requiring the company to change its children's data processing practices to ensure compliance with the laws within 3 months. During its investigation, the DPC investigated the TikTok platform settings, such as public-by-default settings, "Family Pairing", age verification mechanisms and compliance with the transparency obligations. The DPC determined that TikTok failed to comply with the data protection by design and by default and transparency regarding data subject rights requirements and has not implemented appropriate technical and organisational measures to ensure compliance with GDPR.