TikTok monetary penalty notice
15 May 2023
If and to the extent that the law applicable is the GDPR as originally enacted rather than the UK GDPR, then references to the UK GDPR are to be read as references to the corresponding provisions of the GDPR. [...] In the course of the ICO's investigation, TikTok described the self certification process as follows: 20 "In the UK, TikTok does not permit users under the age of 13 to use the App, as specified in our Terms of Service and Community Guidelines. [...] The provisions of the DPA and UK GDPR applied to the processing of personal data by both TikTok Inc and TikTok Limited during the Relevant Period, on the following basis: a. [...] 30 2 of the MPN, is reasonable and proportionate, given the uncertainty involved, not least due to TikTok's refusal to provide its own best estimate of the number of underage TikTok users, and appropriate in order to establish the scale of the issue. [...] The Commissioner considers that each of the two conditions was in itself sufficient to alert TikTok to the real risk of the account holder being underage, and ought to have prompted TikTok to take action, such as at the very least contacting the account holder for the purposes of verifying his or her age.