The European Data Protection Board Comes To A Decision About Children On TikTok
The European Data Protection Board (EDPB), a body providing guidance to all the EU data protection authorities, has made a resolution on a GDPR conflict involving a preliminary decision by the Irish Data Protection Authority (DPA) regarding TikTok Technology Limited (TTL). This decisive ruling addresses legal concerns that emerged from disagreements over the initial decision made by the Irish DPA, which is the primary supervisory authority responsible for TTL. The EDPB's binding decision is aimed at ensuring consistent and accurate application of the GDPR by national Data Protection Authorities (DPAs).
The Irish DPA issued this initial decision after conducting an independent inquiry into how TTL handles the personal information of registered users on TikTok aged between 13 and 17. The inquiry also explored specific issues relating to TTL's management of personal data of children under the age of 13. Given that DPAs could not agree on the objections raised, the EDPB was called upon to mediate the dispute among these authorities within a two-month timeframe.
The objections put forward mainly revolved around whether there were breaches in adhering to data protection principles regarding age verification and whether fairness principles were upheld in certain design practices.
The Lead Supervisory Authority (LSA), which is the Irish DPA in this case, will finalize its official decision aimed at the entity (TTL) based on the binding decision from the EDPB. This process will incorporate the legal assessment provided by the EDPB and should be concluded within one month of the EDPB's notification. The EDPB will publish its decision on its official website once the LSA has conveyed its national decision to TTL, and if needed, made any necessary redactions as per the EDPB's Binding Decision.
Read more about privacy by design and default.
How can we help you?
Get in touch and find out how we can help you achieve your goals