TikTok has received a €530 million (£450 million) fine from Ireland’s Data Protection Commissioner (DPC) due to concerns over its handling of user information.
Additionally, the company has been instructed to halt transfers of EU user data to China unless it can ensure compliance with EU regulations within six months. According to the DPC, TikTok, owned by Chinese firm ByteDance, failed to demonstrate that EU users’ personal data, some of which is accessed remotely by employees in China, was protected to the high standards required under the EU’s GDPR legislation.
DPC Deputy Commissioner Graham Doyle commented:
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.
TikTok has firmly rejected the findings and announced plans to appeal the decision. The company stated that it had relied on the EU’s approved legal mechanisms, known as standard contractual clauses, to ensure strictly limited and carefully managed remote access. It also emphasised that EU users’ data is stored exclusively in dedicated data centres located in Europe and the United States.
