The video-sharing platform has been slapped with a hefty penalty from Ireland’s Data Protection Commission for how it dealt with minor’s data in 2020 - citing issues around age verification and privacy settings - and claiming it broke the European Union’s General Data Protection Regulation.
A spokesperson for the social media giant - which the China-based ByteDance owns - told BBC News that it "respectfully disagrees[s] with the decision, particularly the level of the fine imposed".
They continued: "The criticisms are focused on features and settings that were in place three years ago, and that we made changes to well before the investigation even began, such as setting all under 16 accounts to private by default."
The DPC allege that TikTok - which has been given three months to adhere to the legislation - had not been sufficiently clear with those between the ages of 13 and 17 about its privacy settings, which led to confusion about how the data was used.
They also discovered that the platform's design led to their content being public to all users, which made it their defacto standard, instead of restricting it to their approved followers.
Helen Dixon, the head of the authority, told the same outlet: "That is precisely at the hands of TikTok because of the way they designed the platform, and we say that infringed the data protection by design and by the default requirements of the GDPR."