Popular video-sharing app TikTok is facing serious trouble in Europe. The company has been hit with a huge fine of €530 million because it sent personal information of European users to China without proper permission. This decision came from Ireland’s privacy regulator, which is in charge of making sure companies follow Europe’s strict data protection rules.
For years, TikTok had claimed that it did not store European user data on servers in China. But an investigation found that this was not completely true. In fact, the company admitted that some user data from the European Economic Area (EEA) had been stored in China. This is a big problem because Chinese laws allow the government to demand access to any data held by companies, which doesn’t match with Europe’s tough privacy standards.
The regulator said TikTok not only sent the data to China but also failed to tell users about it. Between 2020 and 2022, users were not informed that their personal data was being transferred overseas. Only after 2022 did TikTok update its privacy policy to better explain its practices. Even though the company says it is now following the rules, the damage was already done.
Meta Faces $15 Million Fine Over Facebook User Privacy Violations in South Korea
A Record Fine and Strict Deadlines
The total fine against TikTok is massive. Out of the €530 million penalty, €485 million is for illegally transferring data to China. An additional €45 million fine was added because the company failed to be clear and honest with users about where their data was going. This makes it the third-largest fine ever under the European Union’s data protection law, known as the General Data Protection Regulation (GDPR).
TikTok has its headquarters for Europe in Ireland. This is why the Irish privacy authority, officially known as the Data Protection Commission (DPC), led the investigation. They said they are taking TikTok’s violations very seriously. According to the DPC, the company failed to properly assess how Chinese surveillance laws could put European users’ data at risk.
The DPC also noted that while TikTok has said it deleted the European data from its Chinese servers, regulators are still considering whether more action needs to be taken. For now, TikTok has been given six months to either bring its data handling into line with EU privacy rules or stop sending any user data to China altogether.
Meta Faces €91 Million Fine from Ireland Over GDPR Violation
TikTok Fights Back Against the Ruling
TikTok is not staying quiet about the fine. The company has announced that it strongly disagrees with the decision and plans to appeal against it. TikTok says that it has already put many privacy safeguards in place to protect user data and that these were not properly considered by the Irish regulator.
The company also pointed out that thousands of other businesses in Europe use similar legal methods to transfer data globally. TikTok’s leadership believes they are being unfairly targeted and singled out, even though other companies operate in the same way.
To show its commitment to European privacy, TikTok highlighted its €12 billion investment in “Project Clover.” This is a big project aimed at building data centers in Europe to store European user data locally. While the Irish authority acknowledged this effort, it still decided that TikTok’s past actions were serious enough to warrant the fine.
TikTok also stressed that it has never received a request from the Chinese government for European user data and has never given them such data. However, the regulator’s main concern is about the potential risk under China’s surveillance laws, not whether a request has already been made.
The company warned that this ruling could have wide-reaching effects, making it harder for global businesses to operate in Europe. They argued that it might even hurt Europe’s competitiveness in the tech world.
