In a major blow to TikTok, the social media giant has been fined €530 million (\$600 million) by the European Union for violating data protection laws. The fine stems from accusations that the platform transferred personal data of European users to China and failed to ensure that this data was protected from Chinese authorities.
The Irish Data Protection Commission (DPC), which is the lead regulator for TikTok in Europe, found that TikTok had allowed access to personal data by staff in China, breaching European privacy laws. This decision follows an investigation that revealed TikTok had not adequately safeguarded the data against potential access by Chinese authorities under China’s laws, which diverge significantly from EU standards.
The fine is one of the largest imposed by the DPC and adds to the mounting regulatory challenges TikTok faces. Just last year, the platform was fined €345 million for breaching rules around child data protection. Despite this, TikTok maintains its stance, insisting that it has never provided European user data to Chinese authorities. The company plans to appeal the fine, arguing that it did not breach data protection rules intentionally.
As part of the ruling, TikTok has been ordered to bring its data processing practices into compliance within six months. Failure to do so could lead to a suspension of data transfers to China. This fine is expected to intensify pressure on TikTok in the United States, where lawmakers are also concerned about potential data misuse linked to its parent company, China’s ByteDance.
The DPC’s investigation, which began in 2021, also revealed that TikTok had failed to disclose to its users that their data could be accessed from China. The platform’s transparency issues were cited as a significant factor in the fine, amounting to €45 million for this particular breach.
TikTok’s troubles are compounded by increasing scrutiny in multiple countries, including the U.S., where TikTok faces a potential ban or forced sale due to security concerns. Despite the fines and the global backlash, TikTok continues to argue that it complies with international data protection standards, including significant investments in European data security.
The company’s efforts to protect user data in Europe, including the “Clover” program and claims that data is stored in Norway, Ireland, and the U.S., will now face closer scrutiny in light of these findings.
