The Tiktok logo is seen outside Los Angeles offices from the Chinese video application company on April 4, 2025 in Culver City, California.
Robyn Beck | AFP via Getty Images
Tiktok was sentenced to a fine of 530 million euros (601.3 million dollars) by the Ireland privacy regulator for sending users to China.
The Irish Data Protection Commission (DPC) – which leads to the surveillance of privacy for Tiktok in the EU – said on Friday that Tiktok had violated the RGPD data protection law on the transfers of European data from users to China.
The regulator ordered Tiktok to put its data processing in compliance within six months and said it suspended Tiktok transfers to China if the treatment is not in accordance with this period.
“Tiktok’s personal data transfers to China have violated the GDPR because Tiktok has not checked, guaranteed and demonstrated that the personal data of EEA users, accessible remotely by staff in China, were offered at a level of protection essentially equivalent to that guaranteed in the EU,” said Graham Doyle on Friday.
“Due to Tiktok’s failure to undertake the necessary evaluations, Tiktok did not address potential access by the Chinese authorities to the personal data of the EEA under Chinese anti-terrorism, counterationing and other laws identified by Tiktok as materially diverging EU standards,” he added.
The DPC said it also found that Tiktok had provided inaccurate information to its survey when it said it had not stored European user data on servers located in China. Tiktok informed the regulator this month that he had discovered a problem in February where the limited data of European users had been stored on servers in China, unlike his previous declarations.
The DPC takes the question “very seriously” and envisages what other regulatory measures can be justified in consultation with its colleagues for the protection of EU data, said Doyle.
Tiktok said she disagreed with the Irish regulator’s decision and plans to appeal in full.
Friday, in a blog post, Christine Grahn, head of Tiktok public policy and government relations for Europe, said that the decision had not taken into account the Clover project, a data security initiative of 12 billion euros aimed at protecting data from European users.
“Rather, it focuses on a selection period years ago, before Clover’s implementation in 2023 and does not reflect the guarantees now in place,” said Grahn.
“The DPC itself has recorded in its report what Tiktok has always said: it has never received a request for European user data from the Chinese authorities and never provided them with European user data,” she added.
Tiktok previously recognized that staff in China can access user data.
In 2022, he declared in an update of his privacy policy that the employees of the countries where he operates – including China, Brazil, Canada and Israel – were authorized to access user data to guarantee that their experience is “consistent, pleasant and safe”.
Western decision -makers and regulators concern Tiktok user data transfers could lead to data access to spy on users with the application. Under Chinese law, technological companies are required to hand over user data to the Chinese government if they are asked to help with vaguely defined “intelligence work”.
For his part, Tiktok insisted that he had never sent data on users to the Chinese government. In 2023, Tiktok boss, Shou Zi Chew said in a written testimony for an audience of the US Congress that the application “had never shared or received a request to share, the data of American users with the Chinese government”.
