Menu Close

UK High Court confirms that TikTok children’s privacy lawsuit can proceed

UK High Court confirms that TikTok children’s privacy lawsuit can proceed

What happened

  • A UK High Court judge has allowed a class-action privacy case against TikTok over its handling of children’s data to proceed.

  • The complaint was brought in December 2020 by a 12-year-old girl who was allowed anonymity by the court in order to bring the claim that the social networking site is improperly processing children’s data.

  • The lawsuit seeks damages on behalf of millions of children for the alleged misuse of their personal information, and if it is successful, TikTok might be forced to pay billions in compensation.

Why it matters

  • It was far from a certain conclusion that the lawsuit against TikTok would be allowed to proceed. The case had been put on hold pending the outcome of another class-action lawsuit filed against Google in regard to a Safari settings workaround (known as Lloyd v Google), which was also seeking representative damages for privacy violations.

  • Last November, however, Google won its appeal after the Supreme Court refused to allow for collective compensation for privacy damage, thereby ending the claim and jeopardising the potential of similar representative privacy lawsuits in the future.

  • As a result, there was some uncertainty about whether the TikTok privacy class action would be allowed to move further.

Former chairman warns of changes to the NHS that could affect patient privacy

What happened

  • NHS Digital’s former chairman is warning that the agency’s merger with NHS England could jeopardise the privacy of people’s personal data.

  • Kingsley Manning, writing in the British Medical Journal (BMJ), called health secretary Sajid Javid’s decision last year to merge NHS Digital with NHS England and NHS Improvement a ” retrograde step not least in the context of this government’s clear intent to weaken the constraints on the use of patient data.”

  • Because of a lack of public trust in the system, efforts to utilise health data responsibly for the right reasons may be thwarted without effective oversight.

Why it matters

  • NHS Digital, formerly known as the Health and Social Care Information Centre (HSCIC), is the IT and data arm of NHS England, which is responsible for implementing government policies in the NHS and compensating health care providers.

  • NHS Digital currently has the power to ignore a directive from NHS England to gather data and set up certain information systems.

  • However, under the new structure, NHS England with be able to decide that its legitimate interest override those of the citizen and the patient, with minimal or no external constraint/scrutiny.

  • “With no requirement for transparency and indeed with additional barriers to citizens asking for information about the use of their data, individuals may never know what NHS England chooses to do with their data” the BMJ article said.

Key takeaways from the Irish data protection regulator’s annual report

What happened

  • The Data Protection Commission (DPC) has released its Annual Report for 2021, which highlights major findings, new advice, and large-scale inquiries and decisions for the year.

  • The DPC prioritised responding to complaints that raised substantive issues and were focused on safeguarding children’s data protection rights, progressing ongoing large-scale inquiries, and prioritising responding to complaints that raised substantive issues.

  • In 2021, the DPC received 6,549 valid notifications of personal data breaches. Unauthorised disclosure of personal data is the most common cause of breach notifications, accounting for 71% of the total in 2021.  

Why it matters

  • In December 2021, the DPC released its five-year Regulatory Strategy, which focused on regulating consistently and efficiently, protecting individuals and promoting data protection awareness, protecting children and other vulnerable groups, providing clarity to stakeholders and assisting organisations in driving compliance.

  • The DPC’s budget climbed to €19.1 million in 2021, with a further €23.2 million rise in 2022. The DPC’s personnel continues to grow, with the number of employees rising from 145 to 190 in 2021, with a further 70 employees set to be hired in 2022.

  • The DPC will continue to monitor and enforce compliance, particularly in connection to data transfers and the handling of children’s data, according to the Annual Report.


Samad Miah

Data Protection Consultant

Speak to me directly by Email, or
Telephone:+44 (0)20 3745 7843 


Samad has a strong track record in data protection, both as an industry practitioner and as a consultant, helping organisations successfully address their obligations towards the Information Commissioner’s Office and other regulatory bodies.

To discuss how the above or other data protection requirements impact your business, feel free to get in touch with our team. We provide our clients with pragmatic advice and support to help them achieve a robust and defensible position.


Stay in control of
your inbox

Register your details to receive our featured insights, news and analysis covered ‘In Perspective’ from our Data Protection team.

Stay up to date and discover how the requirements impact your business.