TikTok Faces Fine Exceeding Half a Billion Euros
The Irish Data Protection Authority has imposed a record fine of €530 million on TikTok for violating privacy rules regarding the transfer of European users’ data to China. This penalty is considered one of the largest sanctions against global tech companies for breaches of European data protection laws.
According to Graham Doyle, Deputy Commissioner of the Irish Data Protection Authority, the penalty was a result of investigations revealing that “European users’ data was being transferred to China,” where employees at the company’s global headquarters could “access it remotely.” He explained that the General Data Protection Regulation (GDPR) requires that the same level of protection as exists within EU member states must be maintained when transferring personal data outside the Union.
Doyle added that “the personal data transfers carried out by TikTok to China violated the GDPR because the company failed to verify, ensure, and prove that the personal data of users in the European Economic Area, which employees in China accessed remotely, was granted a level of protection essentially equivalent to that guaranteed within the EU.”
The Irish Authority revealed in its ruling that TikTok provided “misleading information” during the investigation, initially informing the regulator that it “did not store European users’ data on servers located in China.” This position changed last month when the company informed investigators of a problem discovered in February involving “limited” user data that was “actually stored on servers in China,” contrary to prior evidence.
The Irish Authority has ordered TikTok to bring its handling of users’ data into compliance with European regulations within six months, and the decision includes a mandate to suspend data transfers to China if processing does not become compliant within this timeframe. While the fine is substantial, it remains less than the €1.2 billion fine imposed on Meta and the €746 million fine on Amazon.
