TikTok fined 530 million euros by EU regulator over data protection

On Friday, TikTok faced a fine of 530 million euros ($600 million) from its primary EU privacy regulator due to issues regarding the protection of user data, and it was instructed to halt data transfers to China if it fails to meet compliance standards within six months.

Ireland’s Data Protection Commissioner (DPC) stated that TikTok, owned by China’s ByteDance, did not demonstrate that the personal data of EU users, some of which is accessed remotely by employees in China, received the high level of protection mandated by EU law.

Consequently, the short-video platform failed to tackle the possible access by Chinese officials to the data under counter-espionage and other regulations noted by TikTok as significantly differing from EU norms, the DPC stated.

TikTok stated that it firmly disputes the conclusion and has utilized the EU’s own legal framework, namely standard contractual clauses, to provide strictly regulated and restricted remote access. It intends to contest the decision.

It also stated that the decision does not adequately take into account data security measures introduced in 2023 that independently oversee remote access while guaranteeing EU user data is kept in specialized data centers located in Europe and the United States.

TikTok, which has seen swift growth among teens globally in recent years and boasts 175 million users in Europe, stated that it has never received a request for user data from Chinese authorities and has never shared data with them. This marks the second occasion TikTok has faced criticism from the DPC. In 2023, it was penalized 345 million euros for violating privacy regulations related to handling children’s personal information in the EU.