Regulatory Actions Target TikTok in the EU and US
The European Commission issued preliminary findings alleging TikTok’s product design violates the EU Digital Services Act (DSA), arguing that features such as infinite scroll, autoplay, push notifications, and highly personalized recommendations can drive addictive use patterns and that protections for minors (including parental controls and screen-time tools) are insufficient. TikTok rejected the characterization and said it will contest the findings; potential outcomes include mandated changes to algorithms/interface design and fines of up to 6% of global annual revenue if violations are confirmed.
In the United States, TikTok’s continued operation has been tied to a divest-or-ban framework requiring ByteDance to divest its U.S. business or face removal from app stores and blocking by service providers, driven by longstanding concerns about data access and Chinese legal jurisdiction. The reference describes repeated deadline extensions via executive orders after an initial shutdown period, ongoing negotiations/interest from potential investors, and reporting that TikTok has explored a separate U.S.-specific app (“M2”) amid uncertainty over the platform’s final outcome in the U.S. market.
Sources
Related Stories
European Governments Move to Restrict Social Media Use by Minors
The **European Commission** issued preliminary findings that **TikTok’s product design**—including *infinite scroll*, *autoplay*, *push notifications*, and *personalized recommendations*—may breach the EU **Digital Services Act (DSA)** by failing to adequately assess and mitigate risks to users’ physical and mental well-being, particularly for **minors and vulnerable users**. If confirmed, the Commission said the violations could result in penalties of up to **6% of TikTok’s global annual turnover**, and it signaled expected design changes such as **screen-time breaks**, adjustments to recommendation systems, and disabling or reducing features deemed to drive compulsive use. Separately, **Spain** announced plans to **ban social media access for children under 16** and require **age verification** by platforms, aligning with a broader European trend toward statutory restrictions on minors’ social media use. The announcement follows similar initiatives across Europe, including Australia’s under-16 restriction (cited as precedent), the Netherlands’ push to bar under-15s, French legislation targeting under-14s, and the UK studying a ban for children 15 and under—indicating accelerating regulatory pressure on platforms to implement enforceable child-safety and access controls.
1 months ago
TikTok U.S. Joint Venture and Proposed Security Standards for Foreign-Owned Apps
TikTok announced the creation of **TikTok USDS Joint Venture LLC** to keep operating in the U.S. under a September 2025 executive order. Under the arrangement, **ByteDance would reduce its ownership to 19.9%**, with majority ownership shifting to majority-American investors; TikTok said the new entity will implement national-security safeguards including U.S.-based data protections and controls around the recommendation algorithm. The company stated that U.S. user data and algorithm security will be supported via **Oracle’s U.S. cloud environment**, and that the joint venture will run a cybersecurity and privacy program aligned to frameworks such as **NIST CSF**, `NIST 800-53`, and **ISO 27001**, with third-party auditing/certification; TikTok said similar safeguards would extend to other U.S.-available apps such as **CapCut** and **Lemon8**. Separately, a policy commentary argued that the TikTok controversy highlights the lack of consistent U.S. standards governing **foreign-owned apps**—particularly around **data ownership/access** and **algorithmic oversight**—and called for clearer, enforceable requirements (e.g., upfront disclosure of who owns collected data and how users can opt out). While it does not add new incident details about TikTok’s joint venture, it frames the broader national-security and consumer-protection rationale for establishing uniform rules for foreign-based software providers operating in the U.S., citing TikTok and other China-linked apps as examples.
1 months ago
Regulatory-Driven Consumer Privacy and Child Safety Controls in the EU and California
TikTok said it will roll out stronger **age-verification** capabilities across the EU in the coming weeks, following a year-long pilot that analyzes profile details, posted videos, and behavioral signals to estimate whether an account may belong to a user under 13. Flagged accounts are to be reviewed by specialist moderators rather than automatically removed; TikTok said a UK pilot resulted in the removal of thousands of accounts. The move reflects increasing regulatory and public pressure on major platforms to more reliably prevent underage access, particularly where services process significant personal data and use algorithmic recommendations. California launched a new consumer privacy mechanism—the **Delete Request and Opt-out Platform (DROP)**—that allows residents to request deletion of personal information held by more than 500 registered data brokers. The tool, available via `privacy.ca.gov/drop`, supports identity and residency verification either by entering personal details (e.g., name, date of birth, address) or by using a *login.gov* account (which may require uploading government ID). The platform operationalizes expanded state privacy rights by centralizing deletion requests, aiming to reduce the exposure and resale of personal data by the data broker ecosystem.
1 months ago