The UK Information Commissioner’s Office (ICO) slapped a £12.7 million fine on TikTok’s owners for breaches of data protection laws related to children’s privacy, though the sum was less than half of the levy initially threatened by the authority.

Violations dating from May 2018 to July 2020 cover a number of breaches of the country’s GDPR legislation.

Among the charges were: providing services to children under 13 and processing their personal data without the required adult consent; failing to provide easy-to-understand information to consumers on how data is collected, used and shared; and failing to ensure UK user data was processed was in a lawful, fair and transparent way.

The ICO estimated around 1.4 million under 13s in the UK were using TikTok in 2020, despite the app provider’s own rules prohibiting them from making an account.

In a statement UK Information Commissioner John Edwards slammed the company, claiming it “should have known better” and stating the fine “reflects the serious impact their failures may have had.”

“They did not do enough to check who was using their platform or take sufficient action to remove the underage children that were using their platform,” he added.

The sum was levied on TikTok Information Technologies UK and TikTok Inc, and follows a notification issued by the authority in late 2022 indicating there was a potential fine of £27 million on the cards.

Following subsequent discussions with company representatives, initial accusations around the unlawful use of special category data were not pursued, dropping the potential fine amount.