TikTok has been fined €530 million ($600 million) by Ireland's Data Protection Commission (DPC) for illegally transferring the personal data of European users to China, in one of the largest penalties ever imposed under the EU's General Data Protection Regulation (GDPR).
© Daniel Constante | Dreamstime
The DPC found that between 2020 and 2022, TikTok transferred data without proper transparency, failed to ensure an EU-equivalent level of protection, and did not address potential access by Chinese authorities under China's counter-espionage and anti-terrorism laws. It also discovered that European data had been stored in China before being deleted, contradicting TikTok's earlier claims.
As TikTok's European headquarters is in Ireland, the DPC acts as its lead regulator within the EU. The commission's decision includes an order for TikTok to bring its data processing practices into compliance within six months or face a suspension of all transfers to China. Of the total fine, €45 million was specifically linked to TikTok's lack of transparency about cross-border data transfers.
TikTok, owned by Chinese firm ByteDance, plans to appeal. A spokesperson stated that TikTok has "never provided European user data" to Chinese authorities and has "never received a request" for such data.
This ruling intensifies scrutiny of the platform in the West, where it has faced multiple bans and legal challenges. The United States has also demanded ByteDance divest from TikTok or risk a national ban, with a compliance deadline set for June 19 by President Donald Trump.
Despite TikTok's ongoing efforts to boost trust through programmes like Project Clover—which includes €12 billion in European data infrastructure investment—regulators remain concerned about the app's data practices and influence.
Source: www.fortune.com