The TikTok brand is revealed out of doors the Chinese language video app corporate’s Los Angeles places of work on April 4, 2025 in Culver Town, California.
Robyn Beck | AFP by means of Getty Photographs
TikTok has been fined 530 million euros ($601.3 million) via Eire’s privateness regulator for sending person information to China.
The Irish Knowledge Coverage Fee (DPC) — which leads on privateness oversight for TikTok within the EU — mentioned Friday that TikTok infringed the bloc’s GDPR information coverage legislation over transfers of Ecu person information to China.
The regulator ordered TikTok to deliver its information processing into compliance inside six months and mentioned it might droop TikTok’s transfers to China if processing isn’t introduced into compliance inside that time-frame.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” Graham Doyle, deputy commissioner on the DPC, mentioned in a observation Friday.
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards,” he added.
The DPC mentioned it additionally discovered TikTok had equipped erroneous knowledge to its inquiry when it claimed it hadn’t saved Ecu customers’ information on servers situated in China. TikTok knowledgeable the regulator this moment that it found out a subject matter in February the place restricted Ecu person information have been saved on servers in China, opposite to its prior statements.
The DPC takes the problem “very seriously” and is thinking about what additional regulatory motion is also warranted in session with its fellow EU information coverage government, Doyle mentioned.
TikTok mentioned it disagrees with the Irish regulator’s resolution and plans to enchantment in complete.
In a weblog submit Friday, Christine Grahn, TikTok’s head of people coverage and executive members of the family for Europe, said the verdict did not bear in mind Mission Clover, a 12-billion-euro information safety initiative geared toward protective Ecu person information.
“It instead focuses on a select period from years ago, prior to Clover’s 2023 implementation and does not reflect the safeguards now in place,” Grahn mentioned.
“The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them,” she added.
TikTok has up to now stated that personnel in China can get admission to person information.
In 2022, it mentioned in an replace to its privateness coverage that staff in nations the place it operates — together with China, Brazil, Canada and Israel — are authorised get admission to to customers’ information to safeguard their enjoy is “consistent, enjoyable and safe.”
Western policymakers and regulators are involved TikTok’s transfers of person information may supremacy to Beijing getting access to the knowledge to undercover agent on customers with the app. Beneath Chinese language legislation, tech firms are required handy over person information to the Chinese language executive if asked to help with vaguely-defined “intelligence work.”
For its phase, TikTok has insisted that it hasn’t ever despatched person information to the Chinese language executive. In 2023, TikTok boss Shou Zi Chunk mentioned in written testimony for a U.S. Congress listening to that the app “has never shared, or received a request to share, U.S. user data with the Chinese government.”
