TikTok Information Technologies UK Limited and TikTok Inc (TikTok) were fined £12,700,000 by
the Information Commissioner’s Office (ICO) for a number of data protection legislation
violations, including failing to use children’s personal data legitimately.
Despite its own policies prohibiting children under 13 from opening an account, the ICO
estimates that TikTok allowed up to 1.4 million UK children under 13 to use the site in 2020.
According to UK data protection law, organizations that provide information society services to
children under 13 must acquire parental or guardian agreements before using personal data
- The UK General Data Protection Regulation (UK GDPR) was broken by TikTok between May2018 and July 2020 in the following ways, according to the ICO:
- Offering its services to children under the age of 13 in the UK and processing their personal information without their parents’ or guardians’ permission;
- Failing to adequately notify platform users about how their data is collected, utilized, and shared in a clear and understandable manner. Without that knowledge, platform users—especially young users were unlikely to be able to decide for themselves whether and how to interact with it;
- Failing to make sure that the personal data of its UK users were handled fairly, lawfully, and in an open manner.
There has been a lot of controversy and heated debates on the use of this platform by minors.The majority of people believe this site is highly inappropriate for minors to use and believe. serious measures should be set in place to protect minors. This begs the question, does Kenya have laws or regulations to safeguard minors’ interests in online platforms such as Tik Tok?
KENYAN LEGAL FRAMEWORK
The Data Protection Act of 2019 defines sensitive personal data as revealing the names of a
person’s children. It further states that one cannot process the personal data of a child without
parental consent or unless it advances the best interests of a child. 2 Additionally, the Act states
that a data processor or controller should set in place mechanisms for age verification and
consent to process a child’s personal data namely;
- Available technology;
- Volume of personal data processed;
- Proportion of such personal data likely to be that of a child;
- Possibility of harm to a child arising out of the processing of personal data; and
- Such other factors as may be specified by the Data Commissioner.
The are various harmful activities that can arise from the use of TikTok by minors which include;
- Grooming – defined in the Children’s Act 2022 as the establishment of a relationship through electronic means to manipulate a child and facilitate sexual contact.
- Online abuse, harassment, or exploitation in which minors may be subjected to cyberbullying and stalking from adults.
- Child pornography – this is where a minor’s photos or images may be used and distributed for sexual purposes and is an offence as per the Computer, Cybercrimes and Misuse Act 2018.
This is the main reason why the Office of the Data Protection Commissioner as established
under Section 5 of the Data Protection Act has the following powers;
- Promote self-regulation among data controllers and data processors;
- Conduct an assessment, on its own initiative of a public or private body, or at the request of a private or public body for the purpose of ascertaining whether the information is processed according to the provisions of this Act or any other relevant law;
- Receive and investigate any complaint by any person on infringements of the rights under this Act;
- Conduct inspections of public and private entities with a view to evaluating the processing of personal data.
The Data Protection Commissioner is thus mandated by law to ensure that TikTok and other
online platforms create mechanisms to protect the data of children using their platforms and
regulate the content that they view.
Kenya has the necessary legal framework to protect data of the minors. It is up to the Kenyan
public to raise issues or file a complaint against these online platforms if there are no
mechanisms to safeguard our children. Finally, the Data Protection Commissioner is legally
obliged to compel these platforms to protect children and raise punitive measures against
platforms that fail to do so.
Data Protection Act 2019
Children’s Act 2022
Computer and Cybercrimes and Misuse Act 2018.