European regulators have fined TikTok a staggering $368 million for failing to protect children's privacy, marking the first time the popular short video-sharing app has been penalized for breaching Europe's stringent data privacy rules. The fine was issued by Ireland's Data Protection Commission, which serves as the lead privacy regulator for Big Tech companies with European headquarters in Dublin.

The violations in question occurred during the second half of 2020. The investigation revealed that TikTok's sign-up process for teen users automatically set their accounts to public by default, allowing anyone to view and comment on their videos. This default setting posed a risk to children under the age of 13, who were able to access the platform despite not being permitted to do so.

Additionally, a family pairing feature intended to enable parents to manage settings fell short, as it allowed adults to activate direct messaging for users aged 16 and 17 without their explicit consent. Teen users were also nudged towards more intrusive privacy options during the sign-up and video posting processes.

TikTok expressed its disagreement with the decision, particularly objecting to the level of the imposed fine. The company emphasized that the regulator's criticisms focused on features and settings that date back three years.

TikTok claimed that it had already implemented significant changes, such as making all accounts for users under the age of 16 private by default and disabling direct messaging for users aged 13 to 15, well before the investigation commenced in September 2021.

The Irish regulator has faced criticism for not expediting its investigations into Big Tech companies since the implementation of EU privacy laws in 2018. In the case of TikTok, German and Italian regulators voiced their disagreements with certain aspects of a draft decision issued a year ago, leading to further delays.

To streamline the process and prevent future bottlenecks, the 27-nation bloc's headquarters in Brussels has been assigned the responsibility of enforcing new regulations aimed at promoting digital competition and ensuring the cleanliness of social media content, in a bid to maintain its position as a global leader in tech regulation.

In response to initial objections raised by German regulators, Europe's top panel of data regulators underscored TikTok's utilization of pop-up notices that failed to present users, particularly children, with choices in an unbiased and objective manner.

The European Data Protection Board's chair, Anu Talus, stressed the responsibility of social media companies to avoid presenting choices in an unfair manner, especially if those presentations could steer users towards decisions that infringe upon their privacy interests. Furthermore, the Irish watchdog examined TikTok's measures to verify the age of its users and determined that they did not violate any rules.

However, a second investigation is still underway to assess whether TikTok complied with the European Union's General Data Protection Regulation while transferring users' personal information to China, where its parent company, ByteDance, is headquartered. TikTok has faced allegations of being a security risk due to concerns that users' sensitive information could be accessed by China.

In response, the company has initiated a project to localize European user data, opening a data center in Dublin this month, the first of three planned centers on the continent.

Notably, the British data privacy regulators, who operate independently of the EU since the country's departure from the union in January 2020, fined TikTok £12.7 million ($15.7 million) in April for misusing children's data and infringing upon other protections regarding young users' personal information.

The Irish regulator has also levied significant fines against other tech giants, including Instagram, WhatsApp, and their parent company Meta, over the past year.