TikTok fined €530m by Irish regulator for data protection failures
The DPC said TikTok failed to show that EU users' personal data, some of which is remotely accessed by staff in China, was afforded the high level of protection provided for under EU law.
Ireland’s data protection watchdog has dished out a massive €530m fine to social media giant TikTok over the transfer of users’ personal data from Europe to China.
Issuing its decision Friday, the Data Protection Commission told the Chinese-owned firm that it had breached Europe’s General Data Protection Regulation (GDPR) over the transfer of data to China and on its transparency requirements.
Furthermore, the DPC has said it may take further action against TikTok — a popular video sharing platform — over “erroneous information” submitted to its inquiry.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” deputy commissioner Graham Doyle said.
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”
The administrative fine of €530m is accompanied by a direction requiring TikTok to bring its processing into compliance within six months.
TikTok has also been ordered to suspend transfers to China if the way it processes data is not brought into compliance in this same timeframe.
Throughout the inquiry, the DPC said that TikTok had maintained that it did not store data from users in the European Economic Area on servers located in China.
However, last month, TikTok informed the DPC that it had discovered “limited” European data had been stored on servers in China. The company said it had identified this in February.
TikTok informed the DPC that this discovery “meant that TikTok had provided inaccurate information to the inquiry”.
Mr Doyle added: “The DPC is taking these recent developments regarding the storage of EEA User Data on servers in China very seriously.
“Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities.”
This is not the first time that the social media giant has fallen foul of Ireland’s data protection watchdog.
In 2023, the DPC fined TikTok €345m following an investigation into how the social media platform processed children’s data.
At the time, TikTok said it “respectfully disagreed” with the level of fine imposed and challenged the decision in the High Court.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
