TikTok Violated Canadian Children's Privacy, Removes 500K Annually

Canadian privacy commissioners find TikTok collected sensitive data from children, forcing removal of 500,000 Canadian kids annually from platform.

Canadian privacy regulators just dropped a bombshell investigation revealing that TikTok has been systematically collecting sensitive personal data from Canadian children while simultaneously removing approximately 500,000 underage users from its platform each year. The joint investigation by federal, Quebec, Alberta, and British Columbia privacy commissioners found that TikTok failed to obtain proper parental consent, collected unnecessary personal information, and used inadequate age verification methods for users under 13. What makes this particularly concerning for American observers is that TikTok's parent company ByteDance operates under the same corporate structure and technical infrastructure globally meaning similar privacy violations could be occurring elsewhere. Privacy Commissioner of Canada Philippe Dufresne stated that "When children use digital platforms, they must be afforded the highest level of privacy protection. Our investigation found TikTok was not meeting this standard."

The technical specifics of the violations reveal sophisticated data collection practices that bypassed basic privacy safeguards. TikTok's algorithms were found to be collecting biometric data from video content, tracking location information through device permissions, and building detailed behavioral profiles on users who self-identified as underage. The platform's age verification system relied primarily on user-reported birthdates without secondary verification, allowing widespread underage access. Perhaps most troubling was the finding that TikTok continued to retain and process data from accounts after they were identified as underage and scheduled for deletion, sometimes for weeks or months during the "grace period" before actual removal.

For compliance startups and founders, this case study highlights both the risks and opportunities in the children's privacy space. The massive scale of underage user removal 500,000 annually in Canada alone suggests a global compliance challenge of enormous proportions. As the CEO of a youth privacy startup noted, "This is not just about age gates anymore; regulators expect sophisticated age verification and data protection specifically designed for young users." The situation creates immediate opportunities for startups developing AI-powered age verification systems, parental consent management platforms, and compliance tools that can help platforms navigate complex international children's privacy regulations like COPPA in the U.S. and similar laws worldwide. For American companies, the Canadian ruling serves as a warning that global regulators are increasingly coordinating on children's privacy enforcement, making compliance a strategic imperative rather than just a legal requirement.