TikTok’s latest GDPR breach could cost them up to $376M

TikTok are involved in yet another data breach fine following a £12.7 million fine by the UK for illegally processing the data of 1.4m children under 13.

The video-sharing platform is being fined by the European Data Protection Board after they reached a decision over the platform’s processing of child data.

The investigation opened in 2021 by the data protection commissioner in Ireland into TikTok’s level of compliance with the EU’s general data protection regulation

The fine is expected to be issued in the next four weeks, but what exactly could the value of that fine be? GDPR and compliance expert, and Director of Skillcast, Vivek Dodd, shares just how high it could be, and how GDPR fines are calculated.

“Penalties for breaching the GDPR can reach up to €20 million or 4% of annual global turnover, whichever is highest.” Vivek states.

“There are a number of factors that influence the size of the penalty, all of which are examined by the EDPB ahead of the issuing of the fine in September.” Vivek has outlined the eight factors that will be considered.

  1. Gravity, nature & duration of breach

  2. Personal data categories affected

  3. Negligent or intentional infringement

  4. Actions taken to mitigate the damage

  5. Degree of responsibility of data controller/processor

  6. Previous data breach infringements

  7. Cooperation with supervisory authorities

  8. Aggravating or mitigating factors (e.g. financial benefits gained from the infringement)

Considering all eight factors, Vivek adds, “Given TikTok’s previous fines earlier this year and the fact it’s data of those under 13 years-old, it wouldn’t be a surprise if the platform faces a huge fine. 4% of TikTok’s annual global turnover could equate to $376 million if we use BusinessofApps’ estimated $9.4 billion in annual revenue for TikTok in 2022.”

Discover the common data breaches in businesses and how you can prevent a huge fine like TikTok with Skillcast.