At a glance.
- UK fines TikTok for misuse of child data.
- Startups expose data of patients in alcohol recovery.
UK fines TikTok for misuse of child data.
As nations across the world consider banning TikTok, Britain's Information Commissioner's Office (ICO) announced yesterday that it is fining the social media platform 12.7 million pounds for violating child data protection laws. The data watchdog says the video-streaming giant allowed up to 1.4 million British children under 13 to use the platform in 2020, despite the fact that this goes against TikTok’s minimum age requirements. As well, Reuters reports, the data of these minors may have been used without parental consent to track their activities and present them with potentially inappropriate content. Information Commissioner John Edwards stated, "There are laws in place to make sure our children are as safe in the digital world as they are in the physical world. TikTok did not abide by those laws." Politico notes that TikTok senior staff have recently expressed concerns about minors using the app. Edwards added, “TikTok should have known better. TikTok should have done better. Our £12.7m fine reflects the serious impact their failures may have had.” TikTok says it disagrees with the ruling, stating "We invest heavily to help keep under 13s off the platform and our 40,000 strong safety team works around the clock to help keep the platform safe for our community. We will continue to review the decision and are considering next steps." However, a TikTok spokesperson did say they were grateful that the fine was reduced from the 27 million pounds initially estimated by the ICO in September after the commissioner removed one of its provisional findings that TikTok had unlawfully used “special category data.” Nonetheless, the fine is among the largest the ICO has ever issued.
Eve Maler, CTO of ForgeRock, wrote to describe the implications of pervasive exposure to social media in childhood. “Children today grow up in a world surrounded by connected devices and smart technology, using an ecosystem of services. The rise in popularity of certain social media apps brings new challenges to children’s data privacy as children can easily submit false information to access age-restricted content," she wrote. "Given today’s regulatory environment and the decreasing tolerance for abusive or inappropriate online experiences for children, it’s fair to say that services that do not verify a user’s age are doing things very “wrong.” To better protect children, enterprises must balance knowing enough information about these users and knowing too much, as well as ensuring that parents and guardians have the ability to consent to the right level of data sharing so that children are receiving the right kind of content.”
Startups expose data of patients in alcohol recovery.
Online alcohol recovery platforms Monument and Tempest were found to be sharing personal patient data with advertisers without consent since 2017. Tempest was acquired by Monument last year, and the companies confirmed the years-long data leak was the result of the use of third-party tracking systems developed by ad giants including Facebook, Google, Microsoft and Pinterest. TechCrunch notes that these companies are not the first to fall into this trap, but the exposure of the sensitive data of over 100,000 individuals in addiction recovery is undeniably a large misstep, especially given that Monument’s website claims patient data is “protected” and used only by its care staff. The data shared included patient names, dates of birth, email addresses, street addresses, ID photos, service and plan details, and assessment and survey responses that include details about the individuals’ alcohol consumption. The companies say they have deactivated the trackers used to share the data, but the advertisers who received the data are not being required to delete it.