Today, Ireland’s Data Protection Commission (DPC) announced a €345 million (around $367 million) fine on TikTok for how the company processes the data of children. The fine follows an investigation by the DPC announced in 2021 that looked at TikTok’s compliance with Europe’s General Data Protection Regulation (GDPR) laws. Politico reported in August that the DPC was preparing to issue its penalty.

The probe focused on a few TikTok features: default account settings; “Family Pairing” settings; and age verification. After consulting with the European Data Protection Board, the DPC found that TikTok set children’s accounts to public by default when they signed up on the platform. That meant that kids’ videos were publicly viewable by default and that comments, duets, and Stitch features were also enabled by default.

Family Pairing, a feature introduced by TikTok in 2020, allows children’s accounts to be linked with a separate adult account, in theory to manage app settings like limiting screen time and restricting direct messages and content that may not be appropriate. The DPC found that children’s TikTok accounts could be linked to profiles that the company hadn’t verified belonged to a parent or guardian. Once linked, the child’s profile settings could be loosened by the adult user to allow DMs.

One sticking point is whether TikTok did enough to keep kids below its 13-year minimum age off the platform through age verification. Though the decision found TikTok’s age verification methods weren’t in violation of GDPR laws, it determined the company hadn’t sufficiently protected the privacy of children under 13 who were able to sign up for an account.

In 2021, TikTok tightened privacy settings on accounts belonging to users aged 13 to 15, making them more private by default. TikTok will have three months to bring its practices into compliance.

Other social media platforms have been fined by the DPC for similar infractions related to young users. Meta was fined more than $400 million in 2022 because it allowed teen Instagram users to sign up for business profiles, making their contact information public, among other things.