image source, Reuters
TikTok is under investigation by the Irish Data Protection Commission (DPC) - its main regulator in the EU - into two privacy issues.
The watchdog examines its handling of children's personal data, and whether TikTok complies with EU laws conencompassing the transfer of personal data to other countries, such as China.
TikTok has said privacy is "our highest priority ".
The Irish DPC has said it is specifically studying issues related to the GDPR.
It is EU privacy laws that can potentially lead to harm. 'huge fines of up to 4% of a company ' s global turnover.
He said the first survey would look at "processing of personal data ... for users under 18 and age verification measures for those under 13 ". It will also take a look at how transparent TikTok has been about how it handles this data.
This is not the first time that the Irish DPC has investigated such questions. In October 2020, he announced that 'he was studying Instagram ' s manage the personal data of children.
And Tiktok has already faced a UK class action lawsuit led by a former Children 's Commissioner.
The second survey announced this week is a problem more specific to TikTok.
These are "transfers by TikTok of personal data to China ", the DPC mentioned. TikTok is owned by Chinese company ByteDance and has been charged withrepeatedly share data with Chinese companies - or even the Chinese government, which the company vigorously denies.
During Donald Trump's presidency, it was almost banned in the United States - although this command has since been discontinued.
The DPC 's investigation focuses specifically on whether TikTok abides by EU rules on data transfers to so-called "third countries" - places that the EU has not given approval for with their privacy laws.
TikTok has already made a series of changes to its systems to defeat both allegations.
In January, it made all accounts under 16 private by default, as part of an offer to amimprove the safety of children on the Platform.
It was followed in July by removing millions of accounts that belonged to those under the age of 13, which are not supposed to be authorized on the platform at all.
And in August he announced that it would be no longer send push notifications to children's accounts at certain times of the day, saying it was designed to help children study, relax and to sleep.
In a statement, TikTok said: "We have put in place extensive policies and controls to protect user data and rely on approved methods for transferring data from the Europe, such as standard contractual clauses We intend to cooperate fully with the DPC. "
media caption WATCH: What is GDPR?
The Commissioner Data Irish plays a leading role in regulating many of the world's biggest tech companies, as the European headquarters of companies such as TikTok, Facebook and Google are all based in Ireland.
However, he has been accused by some of having a lax approach to law enforcement.
For example, he recently delivered WhatsApp the second biggest GDPR fine on record, of 225 million euros (£ 193 million).
He initially recommended a much lower fine of 30-50 million euros, but encountered objections from the de monitoring data from several other EU states. The disagreement was ultimately brought to an official EU board, which asked the Irish DPC to change its findings and impose a higher fine.
Max Schrems, a famous privacy advocate and recognized critic of the Irish regulator, said at the time, this incident "shows how extremely dysfunctional the DPC is still ".