The EDPB has adopted a binding decision on TikTok’s processing of children’s personal data, and on this basis, the Irish Data Protection Authority must now make a final decision.

At the latest meeting of the European Data Protection Board (EDPB), the members of the EDPB adopted a new binding decision in a dispute resolution case that has now been settled under the procedure in Article 65 of the General Data Protection Regulation.

The decision concerns the Irish Data Protection Authority’s draft decision in a case against TikTok. The EDPB’s decision addresses several objections raised by concerned supervisory authorities against the draft decision of the Irish supervisory authority as lead supervisory authority.

In the draft decision, the Irish supervisory authority has examined TikTok’s processing of personal data of registered TikTok users between 13 and 17 years of age, as well as certain issues regarding TikTok’s processing of personal data of children under 13 years of age.

The objections to the Irish decision concerned, among other things, whether TikTok had violated data protection rules through design and default settings in relation to age verification and whether there had been a violation of the principle of fairness.

The Irish Data Protection Authority now has one month to make their final decision based on the EDPB’s binding decision.

Read the EDPB’s press release here.

https://www.datatilsynet.dk/internationalt/internationalt-nyt/2023/aug/bindende-afgoerelse-om-tiktok