By Kelvin Chan, associate commercial writer
London (AP) – A European Union privacy dog inflicted a fine on Tiktok in Tiktok on Friday after a four -year investigation revealed that data transfers of the video sharing application to China put users at the risk of espionage, in violation of strict EU data confidentiality rules.
The Ireland data protection committee also sanctioned Tiktok so as not to be transparent with users at the place where their personal data was sent and ordered the company to comply with the rules within six months.
The Irish National Watchdog is the main privacy regulator of Tiktok data in the EU in 27 countries because the European headquarters of the company is based in Dublin.
“Tiktok has not checked, guaranteed and demonstrated that the personal (European) user data, accessible remotely by staff in China, had a level of protection essentially equivalent to that guaranteed within the EU,” said assistant commissioner Graham Doyle in a press release.
Tiktok said she did not agree with the decision and planned to appeal.
The company declared in a blog article that the decision focuses on a “selection period” ending in May 2023, before it embarked on a data location project called Project Clover which involved building three data centers in Europe.
“The facts are that Project Clover has some of the strictest data protections in the industry, including unprecedented independent surveillance by the NCC group, a main European cybersecurity company,” said Christine Grahn, European chief of public policies and public relations in Tiktok. “The decision does not take into account these considerable data security measures.”
Tiktok, whose parent company Bytedance is based in China, was examined in Europe on how it manages the personal information of its users in the concerns of Western officials that it presents a security risk on user data sent to China. In 2023, the Irish guard dog also inflicted a fine on the company hundreds of millions of euros in a separate survey for children’s privacy.
The Irish Watchdog said that his investigation revealed that Tiktok had not addressed “potential access by the Chinese authorities” to the personal data of European users under Chinese laws on anti-terrorism, counter-espionage, cybersecurity and national information that has been identified as “materially diverging” EU standards.
Grahn said Tiktok “never received a request from European user data from the Chinese authorities and never provided them with European user data”.
Under the EU rules, known as the Data Protection General Regulations, European user data can only be transferred outside the block if guarantees are in place to ensure the same level of protection.
Grahn said Tiktok was not disagreling with the Irish regulator’s argument that he had not made “necessary assessments” for data transfers, saying that she had asked for advice from law firms and experts. She said that Tiktok was “distinguished” even if he uses the “same legal mechanisms” as thousands of other companies in Europe and that her approach is “online” with EU rules.
The survey, which opened in September 2021, also revealed that Tiktok’s privacy policy at the time did not appoint third countries, including China, where user data was transferred. The guard dog said that the policy, which has since been updated, has not explained that data processing involved “remote access to personal data stored in Singapore and the United States by China-based staff”.
Tiktok faces a more in -depth examination of the Irish regulator, which said that the company had provided inaccurate information throughout the survey by saying that it did not store European user data on Chinese servers. It was not until April that he informed the regulator that he discovered in February that some data had in fact been stored on Chinese servers.
Doyle said the guard dog took the recent developments “very seriously” and “considering what other regulatory measures could be justified”.
Originally published:
California Daily Newspapers
