An investigation found that in the latter half of 2020, TikTok's default settings didn't do enough to protect children's accounts.
CNN  — 

A major European tech regulator has ordered TikTok to pay a €345 million ($368 million) fine after ruling that the app failed to do enough to protect children.

The Irish Data Protection Commission, which oversees TikTok’s activities in the European Union, said Friday that the company had violated the bloc’s signature privacy law.

An investigation by the DPC found that in the latter half of 2020, TikTok’s default settings didn’t do enough to protect children’s accounts. For example, it said, newly-created children’s profiles were set to public by default, meaning anybody on the internet could view them.

TikTok didn’t sufficiently disclose these privacy risks to kids and also used so-called “dark patterns” to guide users toward giving up more of their personal information, the regulator noted.

In another violation of EU privacy law, a TikTok feature designed as a parental control and known as Family Pairing did not require that an adult overseeing a child’s account be verified as the child’s actual parent or guardian, the DPC said. The lapse meant that theoretically any adult could weaken a child’s privacy safeguards, the regulator said.

TikTok introduced Family Pairing in April 2020, allowing adults to link their accounts with child accounts to manage screen time, restrict unwanted content and limit direct messaging to children.

The DPC’s decision gives the company three months to rectify its violations and includes a formal reprimand.

TikTok didn’t immediately respond to CNN’s request for comment.

‘No longer relevant’

But in a blog post Friday, the company said it “respectfully” disagreed with several aspects of the ruling.