TikTok fined €750,000 by Dutch DPA for violating children's privacy
The Dutch DPA concluded TikTok breached children’s privacy rules and fined the company €750,000 on 22 July 2021 for failing to provide adequate, Dutch-language and child-readable privacy information. The DPA reported that TikTok implemented some changes but that issues such as age misrepresentation and other potential infringements were referred to the Irish Data Protection Commission. TikTok lodged an objection to the fine.
The DPA found TikTok failed to give Dutch children a clear, understandable explanation of how the app collects and uses their personal data.
Key facts
- What
- The Dutch DPA concluded TikTok breached children’s privacy rules and fined the company €750,000 on 22 July 2021 for failing to provide adequate, Dutch-language and child-readable privacy information.
- Incident date
- Jul 22, 2021
- Who
- TikTok (Netherlands)
- Failure mode
- Policy Violation
- AI surface
- Agentic Workflow
- Severity
- High
What happened
On 2021-07-22 the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) imposed a €750,000 fine on TikTok for violating the privacy of young children. The DPA found that TikTok did not provide its privacy information in Dutch and that notices were not readily understandable to children. The DPA noted remaining issues such as children misrepresenting age and transferred further aspects of the investigation to the Irish Data Protection Commission; TikTok lodged an objection to the fine.
What broke inside the model
- 01 · TriggerA prompt pushes against a deployment boundary.
- 02 · Model stepThe model produces the disallowed output.
- 03 · Control gapNo enforcement blocks it at generation time.
- 04 · FailureThe output crosses the policy line.
- 05 · ConsequenceA limit the business set is breached in public.
The output crosses a policy boundary the deployment had defined.
The regulator determined that transparency obligations failed: privacy notices and installation information were not offered in Dutch and were not drafted in language intelligible to children, preventing users from understanding how their data was collected and used. The DPA also identified weaknesses around account age information and safeguards for minors which increased privacy risks for child users.
What it cost
Sources
- PrimaryDecision to impose a fine on TikTokautoriteitpersoonsgegevens.nl
- PrimaryDutch DPA: TikTok fined for violating children's privacyedpb.europa.eu
- PressDutch data protection authority fines TikTok over privacynews4jax.com
Cite this entry
https://failureindex.ai/failures/tiktok-fined-750-000-dutch-dpaAI Failure Index. "TikTok fined €750,000 by Dutch DPA for violating children's privacy" (FI-0447). Realm Labs. https://failureindex.ai/failures/tiktok-fined-750-000-dutch-dpa (indexed Jun 10, 2026).Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0447. Full dataset at /data.
Note from Realm Labs, the Index steward
How Realm would have caught this
- Prism
- OmniGuard
Realm compares what the model is about to output or do against the policy that governs the deployment, in real time, and can deny or redact the action before it takes effect, which is the gap an after-the-fact review never closes in time.