TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.

The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

It found TikTok had contravened GDPR by placing child users’ accounts on a public setting by default; allowing public comments on those accounts; not checking whether an adult given access to a child’s account on a “family pairing” scheme was a parent or guardian; and not properly taking into account the risks posed to under-13s on the platform who were placed on a public setting.

The Irish Data Protection Commission (DPC) said users aged between 13 and 17 were steered through the sign-up process in a way that resulted in their accounts being set to public – meaning anyone can see an account’s content or comment on it – by default. It also found that the “family pairing” scheme, which gives an adult control over a child’s account settings, did not check whether the adult “paired” with the child user was a parent or guardian.