The European Union’s privacy watchdog has imposed a substantial fine of 530 million euros ($600 million) on TikTok following a four-year investigation into the company’s data practices.
Ireland’s Data Protection Commission found that TikTok failed to properly protect European users’ personal data that was accessed by staff in China, violating the EU’s stringent General Data Protection Regulation (GDPR).
The ruling centers on TikTok’s inability to “verify, guarantee and demonstrate” that European users’ data remotely accessed by China-based employees maintained the level of protection required under EU law. Additionally, the commission cited a lack of transparency in TikTok’s privacy policy, which failed to explicitly name China among the countries where user data was transferred.
TikTok strongly contests the decision and plans to appeal. The company argues that the investigation focused on practices ending in May 2023, before the implementation of its “Project Clover” data localization initiative that includes three European data centers and independent oversight by cybersecurity firm NCC Group.
TikTok’s European head of public policy, Christine Grahn, insists the company has “never received a request for European user data from Chinese authorities, and has never provided European user data to them.”
The Irish regulator also revealed that TikTok had provided inaccurate information during the investigation, initially claiming no European user data was stored on Chinese servers before admitting in April 2024 that some data had indeed been stored in China. This development has prompted the watchdog to consider “further regulatory action.”
This fine follows previous penalties against TikTok for child privacy violations and comes amid growing Western concerns about potential Chinese government access to user data through companies like TikTok parent ByteDance. Under Chinese laws regarding anti-terrorism, counterespionage, cybersecurity and national intelligence, authorities could potentially access data in ways that conflict with EU standards.
TikTok has six months to bring its operations into compliance with EU regulations.
Read more: TikTok fined $600 million for China data transfers that broke EU privacy rules
This article is written with the assistance of generative artificial intelligence based solely on Washington Times original reporting and wire services. For more information, please read our AI policy or contact Ann Wog, Managing Editor for Digital, at awog@washingtontimes.com
The Washington Times AI Ethics Newsroom Committee can be reached at aispotlight@washingtontimes.com.
