In a major crackdown on data privacy, TikTok has been hit with a hefty €530 million ($600 million) fine by the European Union’s primary data watchdog, Ireland’s Data Protection Commissioner (DPC). The penalty comes after a four-year investigation revealed that TikTok failed to adequately protect the personal data of its 175 million European users, particularly concerning data access by employees in China.
The DPC’s ruling demands TikTok immediately halt any data transfers to China unless it fully complies with stringent EU data protection standards within six months. The regulator expressed serious concerns over TikTok’s inability to guarantee that user data is shielded from potential access by Chinese authorities under China’s counter-espionage laws-laws that starkly contrast with the EU’s rigorous privacy framework.
TikTok, owned by China-based ByteDance, strongly disputes the findings. The company insists it has implemented robust safeguards, including the use of EU-standard contractual clauses to tightly regulate and limit remote data access. TikTok also highlighted new data protection measures introduced in 2023, which include storing EU user data in dedicated data centers located in Europe and the United States. The platform emphasized that it has never shared EU user data with Chinese authorities and plans to appeal the ruling.
This is the second significant fine TikTok has faced from the Irish regulator, following a €345 million penalty last year for mishandling children’s data. The DPC, which oversees many tech giants in Europe due to their headquarters in Ireland, has also fined Microsoft’s LinkedIn, Meta, and X for privacy violations.DPC Deputy Commissioner Graham Doyle warned that the regulator is closely monitoring TikTok’s compliance and is prepared to take further action if necessary. The ruling could set a precedent impacting numerous global companies operating in Europe, underscoring the EU’s unwavering commitment to protecting user privacy against foreign data access risks.