In September, Instagram was fined over the protection of children’s data. TikTok may now be facing a similar fate.

Investigations by the Information Commissioners Office (ICO) in the United Kingdom (UK) have found that TikTok, the video-sharing App, may have breached the UK data protection law between 2018 and 2020.

The ICO issued TikTok with a “notice of intent”, a precursor to handing down a potential fine, which could be up to £27 million. If TikTok were to be fined this amount, it would be the largest in the ICO’s history, exceeding the record of £20 million which was handed to British Airways two years ago after an incident in 2018 that saw the personal details of more than 400 000 customers compromised by hackers.

The ICO’s provisional view is that TikTok may have processed the data of children under the age of 13 without parental consent and failed to provide proper information to its users in a “concise, transparent and easily understood way.” Furthermore, TikTok may have processed special categories of personal data without legal grounds to do so.

The information commissioner said that “companies providing digital services have a legal duty to put those protections in place but our provisional view is that TikTok fell short of meeting that requirement.” TikTok said it disagreed with the ICO’s provisional finding and would make a formal response challenging the findings of the investigations. Upon receipt of these representations, the ICO will reach a conclusion.

Do you have questions about complying with the (UK) GDPR? Contact us, the Experts in Data Privacy, at for assistance.



TikTok could face £27m fine for failing to protect children’s privacy