Ireland fines TikTok €530 million

Ireland's Data Protection Commission (DPC) has fined TikTok €530 million for transferring European users' personal data to China. The Irish body announced in a statement on its website that the video platform, owned by Chinese company ByteDance, violated EU regulations under the General Data Protection Regulation (GDPR) by failing to verify that this data received the same level of protection on servers in China as it did in the European Union (EU). Furthermore, the DPC has required the app to adapt its data processing systems to EU regulations within six months. Failing that, TikTok must suspend the transfer of this data to China.

The EU's top data regulator launched an investigation in September 2021 into the legality of these data transfers from the European Economic Area (EEA) and ruled that the video platform incorrectly advertised that it did not store data from Europe on servers in China. In April, TikTok eventually admitted that "a limited amount of data" of European users' personal data had been stored on servers in China, and the platform acknowledged that it had submitted inaccurate information to the inspectorate.

DPC Deputy Commissioner Graham Doyle clarified that the company is accused of lacking the necessary assessments to certify the security of this data during the transfer and of failing to verify "potential access by Chinese authorities." Doyle also made public that TikTok replied that the data has already been deleted. However, the DPC has reported that further regulatory measures are being considered in collaboration with other EU data protection authorities. The app, which has 175 million users in Europe, has announced that it will appeal the fine and has asserted that the Chinese authorities have never asked it for European users' data, nor has the app ever provided it with any data.