The article states:

"It found that the “family pairing” scheme, which gives an adult control over a child’s account settings, did not check whether the adult “paired” with the child user was a parent or guardian."

Chapter 8, Article 1 of the GDPR[1] states:

"Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child."

This doesn't seem vague at all.

[1] https://gdpr-info.eu/art-8-gdpr/

I hope you are PR at TikTok, and not legal.

I have no relations with TikTok. I am in furious at the EU politicians, and laws in general in the West. I am pro-Western but the laws are ruining us.

GDPR generally only seems vague if you're trying to figure out exactly what you can get away with. The spirit of GDPR seems pretty easily explained.

The law is from 2018. And described exactly what was forbidden for underage children privacy. The fact that Ticktock didn't comply until 2021 is their own fault.

Small correction: GDPR was passed in May 2016, but only came into effect in Apr 2018, precisely so that companies had two years to make the necessary changes.

In other words, GDPR is literally older than TikTok by 3-4 months (initial release: September 2016).