Today, the Danish Data Protection Agency has opened a case against TikTok to clarify whether the service complies with the GDPR rules.
The Danish Data Protection Agency has today begun an investigation into the video app TikTok. The aim is to find out if the service complies with data protection rules.
“TikTok is very popular with children in particular who are entitled to special protection for their information under the GDPR. Therefore, we are now looking at the extent of the processing of personal data that occurs in the app and at what is the legal basis for processing. In addition, we are investigating a number of security aspects of TikTok,”” said Cristina Angela Gulisano, Director of the Danish Data Protection Agency.
This is a so-called self-operating matter, which the Danish Data Protection Agency may choose to open. Self-operating cases – in line with supervisory visits, complaints handling and processing of notifications of personal data breaches – is one of the options available to the Danish Data Protection Agency to ensure that The Danes’ personal data is looked after.
In this case, when the Danish Data Protection Agency can itself initiate a self-operation case directly against a data controller operating internationally, it is because the platform does not currently have a headquarters established in Europe. A large number of global services are headquartered in Ireland, which is why, in these cases, it is the Irish Data Protection Authority that is the so-called lead supervisory authority on behalf of the other European supervisory authorities.