Might 02, 2025Ravie LakshmananData Privateness / Social Media
Eire’s Information Safety Fee (DPC) on Friday fined widespread video-sharing platform TikTok €530 million ($601 million) for infringing knowledge safety rules within the area by transferring European customers’ knowledge to China.
“TikTok infringed the GDPR relating to its transfers of EEA [European Economic Area] Person Information to China and its transparency necessities,” the DPC mentioned in an announcement. “The choice contains administrative fines totaling €530 million and an order requiring TikTok to deliver its processing into compliance inside 6 months.”
The order, as well as, requires the corporate to droop knowledge transfers to China throughout the time interval.
The penalty is the results of an investigation that was launched in September 2021 that probed the corporate’s switch of private knowledge to China and its compliance with stringent knowledge safety legal guidelines relating to knowledge transfers to 3rd international locations.
Commenting on the choice, DPC Deputy Commissioner Graham Doyle mentioned TikTok’s private knowledge transfers to China went towards Article 46(1) of the Normal Information Safety Regulation (GDPR) as a result of it did not confirm and assure that the non-public knowledge of EEA customers was given equal privateness protections to that afforded throughout the bloc.
Doyle additional added that TikTok didn’t handle issues arising from potential entry by Chinese language authorities beneath anti-terrorism and counter-espionage legal guidelines within the nation that have been recognized as “materially” diverging from European Union requirements.
The DPC additionally faulted TikTok for offering misguided info in the course of the inquiry to the impact that it didn’t retailer EEA customers’ knowledge in Chinese language servers, solely to confide in the watchdog final month that it recognized a difficulty in its techniques in February 2025, on account of which restricted EEA knowledge had certainly been saved on servers in China.
“While TikTok has knowledgeable the DPC that the information has now been deleted, we’re contemplating what additional regulatory motion could also be warranted, in session with our peer E.U. Information Safety Authorities,” Doyle mentioned.
Christine Grahn, TikTok’s head of public coverage and authorities relations for Europe, mentioned the choice did not keep in mind Venture Clover, a knowledge safety initiative aimed toward defending European consumer knowledge, and that the ruling doesn’t replicate the present safeguards put in place.
“The DPC itself recorded in its report what TikTok has constantly mentioned: it has by no means obtained a request for European consumer knowledge from the Chinese language authorities, and has by no means supplied European consumer knowledge to them,” Grahn mentioned.
That is the second high-quality levied by the DPC towards the ByteDance-owned firm. In September 2023, TikTok was handed a €345 million (then about $368 million) high-quality for violating GDPR legal guidelines in relation to its dealing with of youngsters’s knowledge.
Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.
