X Faces $140M Fine, TikTok Settles in EC Digital Services Act Probes
X breached its transparency obligations under the Digital Services Act (DSA) and should pay a 120 million euros ($140 million) fine, the European Commission said Friday in its first non-compliance decision under the law. X didn't immediately comment.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
TikTok, meanwhile, agreed to make its advertising repositories more transparent to allow researchers to check ads for age assurance and other criteria, the European Commission said Friday.
The DSA governs intermediary service providers such as social media, online marketplaces, very large search engines and online platforms with at least 45 million active monthly users in the EU (see 2311100001). Among other provisions, the law bars very large online platforms from using minors' personal data for targeted advertising (see 2210040001).
The DSA requires platforms to maintain an accessible and searchable repository of the ads running on their services, the EC said. The repositories are "critical for regulators, researchers, and civil society to detect scams, advertisements for illegal or age-inappropriate products, fake advertisements, and coordinated information operations, including in the context of elections."
In X's case, it breached the DSA by failing to give researchers access to public data, the EC said. The DSA requires that researchers be given access to the platform's public data, but X's terms of service bar eligible researchers from independently accessing its public data, including through scraping. The company also imposes unnecessary barriers to access to the data, undermining research into systemic risks in the EU, the EC added.
A second violation related to the lack of transparency of X's ad repository, the EC said. Accessible and searchable repositories are critical for researchers and civil society to detect scams, hybrid threat campaigns and fake ads, it said.
X, however, undermines its ad repositories by causing excessive delays in processing and failing to include the content and topic of an advertisement as well as the legal entity which pays for it, the EC said. This hampers researchers and the public from scrutinizing potential online advertising risks.
The fine was based on the nature of the infringements, their gravity in terms of affected EU users and their duration, the EC said.
X has 90 days to submit an action plan to address the breach of access to public data, the EC said. Failure to comply could lead to periodic penalty payments, it said.
Meanwhile, TikTok agreed to provide the targeting criteria selected by advertisers, together with aggregated user data such as age group and gender, the EC said. This allows researchers to investigate how ads are targeted and delivered.
TikTok must implement the changes as soon as possible, with deadlines ranging from two to 12 months, the EC said.
"The message is clear," said Henna Virkkunen, the EC's executive vice-president for tech sovereignty, security and democracy. "Our aim is compliance. When platforms engage constructively with the Commission, we are ready to accept solid commitments."
In October, the EC tentatively found that TikTok had breached DSA provisions regarding transparency and user rights and empowerment, including the obligation to give researchers adequate access to public data (see 2510240002).
Both decisions were good news, the European Consumer Organisation said. "Only through deterrent enforcement actions can the Commission ensure that platforms truly protect consumers," said BEUC Director-General Agustin Reyna.