The DPC has launched two inquiries to investigate if TikTok is GDPR compliant. Watch today's #MorningMusings to find out more!
Like our Morning Musings? Consider getting your own Morning Musing book here: https://www.amazon.com/Morning-Musings-Reflections-Thoughts-Business/dp/B08DPVSR8K/ref=sr_1_2?dchild=1&keywords=morning+musings&qid=1599059585&sr=8-2
Is TikTok GDPR compliant? Hello, this is Reinhard von Hennigs. GDPR, the European data protection guideline, and TikTok maybe two different concepts from two different parts of the universe. But, the question remains is TikTok compliant? And the answer is out. The Irish data protection commission, the so-called DPC has commenced a two-check test, a two-check inquiry on TikTok, limited to the Irish company with regard to compliance with the GDPR.
The first inquiry will examine the details of which TikTok uses age verification of its users as TikTok has banned users below the age of 13. So how does TikTok weed that out? How does TikTok stores data from the 13 to 18-year-old is a question also first inquiry? The second one is related to the focus on the transfer of personal data to China.
China allegedly has the server capacity, and all the personal data is somewhere routed towards China. How is this done or how is done in third countries is a part of the second inquiry. What are the main takeaways? Number one, whether TikTok is in violation of the European data protection laws shall not matter for the answer. Therefore, number two.
What can you do as a company? If you're working abroad and you have no European subsidiary, you are still subject to the GDPR. Number three, if you are operating inside the European Union with an EU subsidiary, and you're operating in good faith, all of the GDPR guidelines apply to you. So in a way, whether you are with a subsidiary or whether you are without a subsidiary, you still need to follow these guidelines.
So therefore my takeaway is if you want to avoid liability from a GDPR point of view, it does not make sense not to incorporate. So in other words, follow the law is a better strategy than making an avoidance attempt in not incorporating there. GDPR is powerful and after many years in existence, the fines are tremendous. So, therefore, follow GDPR is my key advice.