Douyin Tiktok fined 750,000 euros for violating GDPR because it only provides privacy terms in English? !

The Dutch personal information authority has developed 750,000 euros for Douyin TIKTOK headquartered in California, USA, because they only provide the English version of the user privacy policy!

Douyin TIKTOK collects personal data of EU users

The Douyin TIKTOK app is an app that allows users to create, edit and share short videos. And the Douyin TIKTOK app processes a large amount of personal data, including user IDs (user IDs), names/nicknames, user settings, user-created content (videos, messages, content), IP addresses, mobile communication devices (mobile phones) etc.), time zone setting, app version, mobile phone model, mobile phone system, network connection method, mobile phone ID and app ID and other personal information. And a large number of children under the age of 16 or even about 12 years old use the Douyin TIKTOK app.

Douyin TIKTOK has no obligation to disclose complete personal information

When users create a Douyin TIKTOK account, they must agree to Douyin's privacy terms, however, the Dutch personal information authority found that between May 2018 and July 2020, these privacy terms were only available in English.

Such measures violate the transparency obligation of Article 12(1) GDPR regarding personal information disclosure.

The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

Article 12 Transparent information, communication and modalities for the exercise of the rights of the data subject

Article 12(1) GDPR regulates that the controller shall take reasonable steps to provide all data related to the processing of personal data, and shall do so in a specific, transparent and accessible form, and in clear and approachable language, in particular for the object of personal data collection When including children.

And in point 14 of the Guidlines on Transparency issued under the GDPR, it requires that in order for people under 18 and children to know what rights they have and what information they provide, words that resonate with children must be used.

14. Where a data controller is targeting children16 or is, or should be, aware that their goods/ services are particularly utilized by children (including where the controller is relying on the consent of the child) 17, it should ensure that the vocabulary, tone and style of the language used is appropriate to and resonates with children so that the child addressee of the information recognizes that the message/ information is being directed at them18. A useful example of child-centred language used as an alternative to the original legal language can be found in the “UN Convention on the Rights of the Child in Child Friendly Language”

Guidelines on transparency

Therefore, Douyin TIKTOK must clearly identify the characteristics, age and special needs of its potential audience. Therefore, Douyin TIKTOK is obliged to write their understandable privacy terms for teenagers and even children. Regardless of the degree to which the vernacular should be used for the time being, the use of the English-only version is a violation of the notification obligation for the collection, processing and use of personal information!

The Dutch personal information authority fined Douyin TIKTOK 750,000 euros (about 25 million Taiwan dollars).

The punishment of TikTok by EU countries is only the first step. Since TIKTOK has established a company in Ireland from 2020, Ireland is currently under investigation for other violations of GDPR by TIKTOK. In the future, it is not ruled out that the Irish personal information authority will continue to impose fines on Douyin TIKTOK!

Original link: Kai's Lawlawland