For TikTok’s legal and policy teams, privacy lawsuits and regulatory investigations have become a frenetic game of whack-a-mole: as one is put to bed in some part of the world, another pops up elsewhere. Or, indeed, two – as has happened this week in Ireland.
The country‘s Data Protection Commission has opened two inquiries into TikTok’s handling of data: one focusing on children (both how it handles data for 13-18 year-olds and how it age-verifies under-13s), and the other on transfers of personal data to China, and whether TikTok complies with the EU’s GDPR legislation.
How big a headache could these investigations be for TikTok? Big. The Data Protection Commission is actually the lead privacy regulator for the EU, and its inquiries have teeth. Earlier this month, for example, it fined WhatsApp €225m over its GDPR transparency obligations.
TikTok certainly won’t be taking the DPC’s new probes lightly.