TikTok Limited – €345,000,000 Fine (Ireland, 2023)

€345,000,000 | Data Protection Commission | 1 September 2023 | Ireland
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

TikTok was fined €345 million for not protecting children's privacy properly. The platform allowed child users' profiles to be public by default and failed to inform them about how their data was used. This case is a wake-up call for social media companies to prioritize user safety.

What happened

TikTok set child users' profiles to public by default and did not provide adequate information about data processing.

Who was affected

Child users of TikTok whose profiles were publicly accessible and whose data was not adequately protected.

What the authority found

The Irish DPA found that TikTok did not implement necessary measures to protect children's personal data, violating GDPR requirements.

Why this matters

This ruling underscores the responsibility of social media platforms to safeguard children's data and ensure transparency. It signals that companies must enhance their privacy practices, especially when dealing with minors.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 12(1) GDPR
Art. 13(1)(e) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
View original scraped data
Art. 5(1)(c) GDPR
5 (1) f) GDPR
Art. 12(1) GDPR
Art. 13(1)(e) GDPR
Art. 24(1) GDPR
Art. 25(1) GDPR
(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
verified correct
Full Legal Summary
Detailed

The Irish DPA (DPC) has imposed a fine of EUR 345 million on TikTok Limited. The DPC conducted an investigation primarily focused on the processing of personal data between July 31, 2020, and December 31, 2020. During its investigation, the DPC found that the profiles of child users were set to public access by default. As a result, the DPC concluded that TikTok had failed to implement appropriate technical and organizational measures to ensure that only necessary personal data was being processed. Furthermore, the DPC noted that the 'Family Pairing' feature, which allowed non-child users to link their accounts with those of child users, posed a security risk to the personal data of children. Additionally, TikTok failed to provide child users with information about the categories of recipients of their personal data and with clear, understandable information on the scope and implications of data processing. The DPC also found that TikTok introduced so-called 'dark patterns', leading users to frequently opt for less privacy-friendly options during registration and when posting videos on the platform. In addition to the fine, the DPC issued an order requiring TikTok to bring its processing activities in line with the GDPR within three months.

Related Enforcement Actions (0)

No other enforcement actions found for TikTok Limited in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 September 2023

Authority

Data Protection Commission

Fine Amount

€345,000,000

Enforcement Tracker ID

ETid-2032

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. TikTok Limited - Ireland (2023). Retrieved from cookiefines.eu
