Eire’s Knowledge Safety Fee (DPC) on Friday fined fashionable video-sharing platform TikTok €530 million ($601 million) for infringing information safety rules within the area by transferring European customers’ information to China.
“TikTok infringed the GDPR concerning its transfers of EEA [European Economic Area] Consumer Knowledge to China and its transparency necessities,” the DPC stated in a press release. “The choice consists of administrative fines totaling €530 million and an order requiring TikTok to deliver its processing into compliance inside 6 months.”
The order, as well as, requires the corporate to droop information transfers to China throughout the time interval.
The penalty is the results of an investigation that was launched in September 2021 that probed the corporate’s switch of private information to China and its compliance with stringent information safety legal guidelines concerning information transfers to 3rd international locations.
Commenting on the choice, DPC Deputy Commissioner Graham Doyle stated TikTok’s private information transfers to China went towards Article 46(1) of the Normal Knowledge Safety Regulation (GDPR) as a result of it didn’t confirm and assure that the private information of EEA customers was given equal privateness protections to that afforded throughout the bloc.
Doyle additional added that TikTok didn’t handle considerations arising from potential entry by Chinese language authorities below anti-terrorism and counter-espionage legal guidelines within the nation and which “materially” diverged from European Union requirements.
The DPC additionally faulted TikTok for offering faulty info in the course of the inquiry to the impact that it didn’t retailer EEA customers’ information in Chinese language servers, solely to confide in the watchdog final month that it recognized a problem in its programs in February 2025, because of which restricted EEA information had certainly been saved on servers in China.
“While TikTok has knowledgeable the DPC that the information has now been deleted, we’re contemplating what additional regulatory motion could also be warranted, in session with our peer EU Knowledge Safety Authorities,” Doyle stated.
Christine Grahn, TikTok’s head of public coverage and authorities relations for Europe, stated the choice didn’t bear in mind Mission Clover, a knowledge safety initiative geared toward defending European consumer information, and that the ruling doesn’t replicate the present safeguards put in place.
“The DPC itself recorded in its report what TikTok has constantly stated: it has by no means obtained a request for European consumer information from the Chinese language authorities, and has by no means offered European consumer information to them,” Grahn stated.
That is the second nice levied by the DPC towards the ByteDance-owned firm. In September 2023, TikTok was handed a €345 million (then about $368 million) nice for violating GDPR legal guidelines in relation to its dealing with of youngsters’s information.