TikTok may have breached the General Data Protection Regulation (GDPR) through the misleading processing of personal data, according to the European Consumer Organisation BEUC said.

BEUC has filed a complaint with the European Commission and the network of Europe’s consumer protection authorities against TikTok, which also alleges the video-sharing platform fails to protect children from hidden advertising and inappropriate content.

The company should properly inform consumers about its business model and data processing activities and stop imposing unfair terms and practices on users, BEUC contends.

It argues several elements in TikTok’s terms of service are unfair, unclear, ambiguous and favour the company to the detriment of users.

“TikTok’s practices for the processing of users’ personal data are misleading. TikTok does not clearly inform its users, especially in a way comprehensible to children and teenagers, about what personal data is collected, for what purpose and for what legal reason,” BEUC said in a statement. “This information is, however, essential for consumers when using Tik Tok’s services.”

BEUC also said: “We consider that some of these, as well as other, practices are potentially in breach of the General Data Protection Regulation and have brought them to the attention of Data Protection Authorities in the context of their ongoing investigations into the company.”

A spokesperson for TikTok said the company has contacted BEUC and asked for a meeting.  

“Keeping our community safe, especially our younger users, and complying with the laws where we operate are responsibilities we take incredibly seriously,” the spokesperson said. “Every day we work hard to protect our community which is why we have taken a range of major steps, including making all accounts belonging to users under 16 private by default. 

He added: “We’ve also developed an in-app summary of our privacy policy with vocabulary and a tone of voice that makes it easier for teens to understand our approach to privacy.”