EU regulators have been urged to ‘intervene immediately’ into the operation of video-sharing app TikTok, following the trend of ‘Blackout Challenges’ across social media, which have led to a series of deaths among young people.
The Dutch non-profit organization, the Foundation for Market Information Research (SOMI), has filed a complaint with the Irish data protection commission – the lead regulatory authority for TikTok in the EU, on behalf of over 60,000 complainants from across the bloc.
SOMI, which advocates for privacy and consumer standards, accuses the Chinese platform of “ongoing negligence in ensuring the safety of its young users” as well as violations of the EU’s general data protection regulation (GDPR), including the “the unsafe and unauthorized processing of personal data, to the transfer of EU citizens’ data to China.”
“On behalf of over 60,000 participants, we are not only calling a halt to TikTok, but we are also preparing a collective claim against TikTok for breaching the GDPR,” Cor Wijtvliet, co-founder of SOMI, said on Wednesday (7 April).
“The participants come from all over Europe. Anyone who has themselves or children with a TikTok account can participate in the claim.”
SOMI cites the recent case of Joshua Haileyesus, a 12-year-old boy from Colorado, who was left brain dead after participating in an online game, dubbed the ‘Blackout challenge’ on 22 March. The game involves depriving oneself of oxygen to the point of ‘blacking out’.
Reports suggest that the game has become more popular across social media networks, with accusations being leveled at TikTok for playing host to the challenge. A recent fundraising call for medical expenses from family members of Haileyesus said that the game is ‘gaining traction‘ on the platform.
However, no direct link has as yet been established between the 12-year-old boy’s injuries and any alleged use of TikTok. The platform has been keen to promote its community guidelines for users of the platform, noting that it proactively “removes content that displays suicide, suicidal ideation, or content that might encourage participation in other self-injurious behavior.”
Moreover, in September last year, the company noted that its content moderation systems had been automatically “detecting and flagging” cases of suicide that had been streamed online.
Developments in Europe
In Europe, earlier this year, the Italian Data Protection Authority imposed a temporary block on access to data for TikTok users whose age could not be verified, following the death of a 10-year-old girl on the platform who had taken part in the same game.
This came after the Italian authority scolded TikTok for a “lack of attention to the protection of minors” on its platform, in December 2020.
Since these events, the Italian data protection authority said that the company has agreed to “take measures to block access to users under the age of 13, and evaluate the use of artificial intelligence systems for age verification.”
However, SOMI says that TikTok has “failed to comply with authorities’ requirements regarding the access of underage children to its platform.”
For its part, a TikTok spokesperson told EURACTIV that “keeping our community safe, especially our younger users, and complying with the laws where we operate are responsibilities we take incredibly seriously.”
Meanwhile, the Irish data protection commissioner Helen Dixon recently raised concerns about TikTok’s operations in Europe leveling the accusation that some EU personal data may be being siloed to China.
“There are a number of challenges in relation to TikTok for the Irish DPC,” Dixon said. “TikTok tells us that EU data is transferred to the US and not to China. However, we have understood that there is the possibility that maintenance and AI engineers in China may be accessing the data.”
Dixon also disclosed that the Irish data protection commission has also had a “significant number of meetings” with TikTok since December when it was confirmed that the platform would be on the authority’s books.
In response, the Chinese platform told EURACTIV that user data is only stored on secure servers in Singapore and the US, but did not specifically address the issue of whether engineers in China had the technical capacity of accessing EU personal data.