TikTok Data Management Being Investigated by CNIL in France

It has been revealed that the data protection authority in France, the CNIL, is about to review the data operations of TikTok.

TikTok has been trying to appoint the Data Protection Commission (DPC) in Ireland as its lead authority in Europe. It has done so by establishing a base in Ireland to manage private data for EU-based users. Due to this the group believes that the investigation in France may be deemed invalid. The DPC is thought to be much more lenient when it comes to issuing judgements inrelation to alleged General Data Protection regulation (GDPR) breaches.

GDPR legislation states that the data protection authorities of EU member states have the authority to sanction fines as high as 4% of a company’s global annual turnover and can also order infringing data processing to come to a halt.

A CNIL representative has said that the body is looking into data operations of TikTok since May this year following a complaint that they received from a French citizen in relation to a video deletion request.  The spokeswoman said that investigation has now grown and is looking into concerns related to transparency requirements regarding the processing of user data; users’ data access rights. transfers of user data outside the EU and steps the platform takes to see to it that the data of minors is adequately safegiarded, given the app’s popularity with teens.  French data protection law allows minors to consent to the processing of their data for social media platforms like TikTok once they are 15 years old or younger if parental consent is supplied.

The CNIL’s spokeswoman said: “The [TikTok] investigations could therefore ultimately be the sole responsibility of the Irish protection authority, which will have to deal with the case in cooperation with the other European data protection authorities. To come under the sole jurisdiction of the Irish authority and not of each of the authorities, Tiktok will nevertheless have to prove that its establishment in Ireland fulfils the conditions of a ‘principal establishment’ within the meaning of the GDPR.”

TikTok repsonded saying: “TikTok’s top priority is protecting our users’ privacy and safety. We are aware of CNIL’s investigation and are fully cooperating with them.”

Author: Elizabeth Hernandez

Elizabeth Hernandez works as a reporter for NetSec.news. Her journalism is centered on IT compliance and security. With a background in information technology and a strong interest in cybersecurity, she reports on IT regulations and digital security issues. Elizabeth frequently covers topics about data breaches and highlights the importance of compliance regulations in maintaining digital security and privacy. Follow on X: https://twitter.com/ElizabethHzone