• EN - English
  • IT - italiano
Parliamentary question - E-002448/2022(ASW)Parliamentary question

Answer given by Mr Reynders on behalf of the European Commission

The monitoring and enforcement of compliance with EU data protection rules by companies falls in principle within the competence of Member States, in particular their data protection authorities (DPAs) and courts.

The data practices of TikTok are the object of several decisions and ongoing proceedings. This includes a 2021 decision of the Dutch DPA that fined TikTok for violating children’s privacy[1] and an investigation by the Irish DPA about TikTok’s compliance with several General Data Protection Regulation[2] requirements, including as regards data transfers to China and the processing of data of minors[3].

There is also ongoing litigation before the Dutch courts (in particular concerning targeted advertising regarding minors and data transfers to China).

Finally, a few weeks ago, the Italian DPA adopted a decision requiring TikTok not to target users or send personalised ads without their express consent[4]. The Spanish DPA started an investigation on a similar issue.

Since 2018, the Commission put in place a strategy to tackle disinformation broadly. A key element thereof is the strengthened Code of Practice on Disinformation[5], signed in June 2022, which includes commitments to limit the spread of disinformation online while upholding the fundamental right of freedom of expression.

TikTok is a signatory of this Code. Under this framework, the Commission monitored the actions taken by major online platforms (including TikTok) to tackle disinformation during the pandemic and with respect to the Russian aggression to Ukraine.

This Code aims to evolve into a Code of Conduct under the Digital Services Act. This Act will introduce new obligations for online platforms, including a prohibition to present ads based on profiling to minors.

Last updated: 12 September 2022
Legal notice - Privacy policy