Regulators in the U.K. issued a notice to video-sharing platform TikTok on Monday after an investigation into its privacy practices regarding the handling of children's data.

The Information Commissioner's Office, U.K.'s data protection agency, said TikTok and Chinese parent company ByteDance may have breached the country's data protection laws, with the warning paving the way for a fine up to $29 million, or roughly £27 million.

According to the ICO, TikTok failed to acquire parental consent before accessing the data of children under the age of 13. The ICO also said TikTok did not make its policies accessible to children and processed sensitive information without a legal foothold.

"We all want children to be able to learn and experience the digital world, but with proper data privacy protections. Companies providing digital services have a legal duty to put those protections in place, but our provisional view is that TikTok fell short of meeting that requirement," John Edwards, the ICO's information commissioner said in a statement.

However, the regulator said the "provisional" notice is not binding as it awaits a response from the company. "We will carefully consider any representations from TikTok before taking a final decision," the ICO said.

The U.K. regulators' warning comes on the back of the country's child privacy protection laws introduced in 2020. Under the Children's Code, online services like apps and games are required to design their products to protect users' data. The guidelines require services to prioritize the highest privacy settings enabled for children and prevents them from obtaining children's precise locations.

This is not the first time TikTok has faced scrutiny over data protection concerns, including from the U.S. In 2019, the Federal Trade Commission fined the company $5.7 million for collecting children's data. The company is currently negotiating with U.S. regulators over security concerns in a bid to avoid a sale.