Necessary Always Active
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
|
||||||
|
||||||
|
||||||
|
Published on
May 2, 2025
5 min read
TikTok Fined $600 Million in Europe for Transferring User Data to China
Ireland’s data privacy watchdog has fined Tiktok $600 million, CNBC has reported. TikTok was fined in Europe for infringing EU’s General Data Protection Regulation (GDPR) after the Irish Data Protection Commission (DPC) established that the video streaming company transferred data belonging to European users.
Compliance Timelines
The DPC is the lead data privacy regulator for TikTok across the 27 EU countries. The watchdog conducted a TikTok privacy investigation over a four year period. The investigation found that the Chinese video streaming company had put users at risk of spying through data transfers to China.
The DPC also accused TikTok for failing to inform EU users that their personal data was being transferred to China.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” DPC Deputy Commissioner Graham Doyle said.
While announcing the TikTok GDPR fine, the Irish regulator ordered the Chinese app to ensure that its data processing process complies with EU laws in the next six months. The regulator also said it will suspend transfers by the video streaming company to China if it fails to comply with processing requirements within this duration.
TikTok said in a blog post that it did not agree with DPC’s ruling and announced plans to appeal the decision. According to the social media giant, the decision focused on a specific period that ended in May 2023. This was before TikTok commenced a data localization project dubbed Project Clover. This project involved construction of three data centers in the EU.
“The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm. The decision fails to fully consider these considerable data security measures,” TikTok’s Head of Public Policy and Government Relations in Europe, Christine Grahn said.
Inaccurate Information
The DPC claimed that TikTok had offered inaccurate details to its inquiry after it claimed that no data belonging to EU users had been stored in servers in China. This month, TikTok informed the privacy watchdog that it had identified an issue in February where limited data belonging to eu users had been stored in servers located in China. This contradicted TikTok’s previous statement.
The Irish data privacy agency also accused TikTok for failing to act on “potential access by Chinese authorities” to personal data belonging to EU users as required by Chinese laws regarding anti-terrorism, counter-espionage, cybersecurity and national intelligence. According to the DPC, these laws were identified as diverging significantly from EU data protection standards.
But Grahn says the video streaming platform has “has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.”
Not New to Scrutiny
TikTok has been under EU scrutiny over the handling of user data and the security risk that comes with sending the data to China. In 2023, the DPC fined the video sharing platform following a child privacy investigation.
Under the GDPR, data from EU users can only be moved outside Europe if a company provides the necessary safeguards to guarantee same level protection. In 2022, TikTok said that its staff in countries of operation like Israel, Brazil, China, and Canada, could access user data as a way of ensuring consistent experience.
Regulators and lawmakers in western countries have been concerned about TikTok user data access by China. They are worried that the transfer of user data to China could allow Beijing to spy on users through the TikTok app. Chinese law requires tech companies to give the government access to user data upon request. These are the concerns that caused TikTok to face a range of legal challenges, including a US ban in recent years. Towards the end of 2022, the US government prohibited the use of the social media app on federal government devices, with a few exceptions.
TikTok has maintained that no user data has been shared with the Chinese government. In 2023, its CEO Shou Zi Chew submitted a written testimony to the US Congress saying the video platform has never received a request to share data belonging to US users from the Chinese government.
