Italy’s data protection authority had sounded an initial alarm, saying that Chinese-owned TikTok had told users of the video app that it was going to deliver targeted advertising to them from July 13 without requesting consent for using data stored on their devices.
The Italian watchdog had informed Ireland’s Data Protection Commission (DPC) of TikTok’s potential breaches of EU data rules. The Irish body is the lead EU regulator for TikTok and other leading internet businesses.
“Further to engagement with the DPC yesterday (11th July), TikTok has now agreed to pause the application of the changes to allow for the DPC to carry out its analysis,” the DPC said in a statement.
It added that it had raised the matter with all other data supervisory authorities in the 27-member EU.
“We believe that personalised advertising provides the best in-app experience for our community and brings us in line with industry practices, and we look forward to engaging with stakeholders and addressing their concerns,” a TikTok spokesperson said.
The Italian data protection authority welcomed what it called a responsible decision on the part of TikTok to suspend the planned changes.
Companies operating in the EU can face fines of up to 4% of their global revenue for privacy breaches.
The DPC has already opened two other inquiries into TikTok, related to the processing of children’s personal data and transfers of personal data to China.
(Additional reporting by Conor Humphries in DublinWriting by Keith WeirEditing by David Goodman)