TikTok has now paused its update that would have allowed for personalised ads without asking for users’ consent.
After receiving a “formal warning” from Italy’s data protection authority, TikTok has paused plans to update its privacy policy in Europe.
TikTok informed users last month that, as part of its update, people aged 18 and older in the EEA, UK and Switzerland would receive personalised ads based on their activity on the platform. Currently, users in these regions have to agree or opt in to get personalised advertising on the platform.
But the Italian watchdog warned yesterday (11 July) that the changes would be in breach of EU privacy laws.
TikTok’s planned policy change stated that the processing of personal data would not be based on consent, but on “legitimate interests”. The Italian authority said this term was vaguely defined by TikTok and such a legal basis would not be compatible with EU rules.
Although TikTok was not planning personalised ad changes for users under 18, the Italian watchdog also raised concerns that unsuitable content could be shown to children due to the difficulty establishing compliance with age requirements on the platform.
TikTok pauses privacy update
TikTok’s change was due to take place tomorrow (13 July), but the short-form video giant has now paused the privacy policy update following a discussion with the Irish Data Protection Commission (DPC), as first reported by TechCrunch.
“TikTok has now agreed to pause the application of the changes to allow for the DPC to carry out its analysis,” a DPC spokesperson told SiliconRepublic.com.
The spokesperson said the DPC sought detailed information from TikTok on the changes, which the Irish regulator “immediately consulted” all other EU data protection supervisory authorities on. The DPC is also investigating TikTok’s data transfers to China and how the platform processes children’s data.
A spokesperson for TikTok confirmed to TechCrunch that the company is “pausing the introduction of that part” of its privacy policy while it engages with stakeholders, but that it still believes “personalised advertising provides the best in-app experience” for users.
The Italian data protection authority had said that it acted under the EU’s ePrivacy directive to step in “directly and urgently” with its concerns. The regulator said it informed the European Data Protection Board and the DPC about its warning so they could consider further action.
Ireland’s DPC is the lead EU data supervisor for TikTok under GDPR as the social platform’s European headquarters are based in Dublin.
The DPC also acts as the lead supervisor for several major US tech players that have their European headquarters in Ireland. Last year, WhatsApp updated its privacy policy for users in Europe after receiving a fine from the Irish data watchdog.
But the DPC has also been criticised for how it handles GDPR complaints against Big Tech.
Updated, 1.59pm, 12 July 2022: A version of this article was published at 10.30am. It was updated at 1.59pm to include details of TikTok’s decision to pause the privacy policy update.
Updated, 3.41pm, 12 July 2022: The article was updated to include quotes from a DPC spokesperson.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.