On Friday, the Irish Data Protection Commission (DPC) fined a popular video sharing platform, Tiktok €530 million ($601 million) for violating local data protection regulations by transferring data from European users to China.
“Ticktok has been compromised in relation to EEA transfers [European Economic Area] The DPC said “in a statement” according to user data to China and its transparency requirements. “The decision includes a total of 530 million euros of administrative fines and an order that requires Tiktoc to ensure compliance with the processing within six months.”
Furthermore, this order requires us to suspend data transfers to China within the period.
The penalty is the result of a survey launched in September 2021, which investigated our transfer of personal data to China and compliance with strict data protection laws regarding data transfer to third countries.
Commenting on the decision, DPC Deputy Commissioner Graham Doyle said that Tiktok’s personal data transfer opposed Article 46(1) of the General Data Protection Regulation (GDPR).
Doyle added that Tiktok has not addressed concerns arising from potential access by Chinese authorities under domestic anti-terrorism and anti-spiring laws and has diverged “substantially” from European Union standards.
DPC also made a mistake with Tiktok to provide false information about the effect of not storing EEA users’ data on a Chinese server. This is only to disclose to last month’s Watchdog that it identified a system issue in February 2025.
“Tiktok has notified the DPC that the data is currently being deleted, but we are considering further regulatory measures in consultation with peer EU data protection authorities,” Doyle said.
Christine Grahn, director of European public policy and government relations at Tiktok, said the decision did not take into account Project Clover, a data security initiative aimed at protecting European user data, and the ruling did not reflect current security measures.
“The DPC itself recorded what Tiktok said in its report, which it has not received requests for European user data from Chinese authorities and has never provided European user data,” Grahn said.
This is the second fine the DPC has imposed on governed-owned companies. In September 2023, Tiktok was fined 345 million euros (approximately $368 million at the time) for violating GDPR laws in connection with the handling of children’s data.
Source link
