Britain's data watchdog says the platform may have failed to protect children's privacy.
TikTok faces a potential £27 million (€30 million) fine in the UK over a possible breach of the country's data protection law.
It refers to an alleged failure to protect children's privacy when they are using the app, and is just the latest in a series of privacy concerns regarding the video-sharing platform.
The UK Information Commissioner's Office said on Monday it had issued the social media company a legal document that precedes a potential fine.
It said TikTok may have processed the data of children under 13 without appropriate parental consent, and processed “special category data” without legal grounds to do so.
The commissioner said “special category data” included ethnic and racial origin, political opinions, religious beliefs and sexual orientation.
It also said TikTok may have failed to provide transparent, easily understood information to its users. The legal document covered the period from May 2018 to July 2020.
Information Commissioner John Edwards said the organisations's provisional view was that TikTok “fell short” of providing proper data privacy protections.
The office said the findings are not final and that it will consider any representations from TikTok before making a final decision.
“While we respect the ICO’s role in safeguarding privacy in the UK, we disagree with the preliminary views expressed and intend to formally respond to the ICO," said a statement released by TikTok, which is owned by the Chinese company ByteDance.
Britain's government is pushing through its online safety bill, which requires technology companies to protect children from harmful content.
The Information Commissioner's Office said it has six other ongoing investigations into companies that do not appear to have taken their responsibilities around child safety seriously enough.