The Tikktok logo is visible outside the Chinese Video App Company Los Angeles offices on April 4, 2025 at Culver City, California.
Robyn Beck AFP by Getty Images
Tiktok was fined in the amount of EUR 530 million (USD 601.3 million) by Ireland by a privacy registration for sending user data to China.
The Irish Data Protection Commission (DPC) – which leads to the Privacy Supervision for Tiktok in the EU – said on Friday that Tiktok violated the Bloc Data Protection Act over the transfers of European user data to China.
The regulator ordered Tiktok to introduce data processing within six months and said that he would suspend Tiktok transfers to China if the processing is not conformated at that time.
“Tiktok to China violated the GDPR, because Tiktok did not verify, guarantee and showed that EEA's personal data, remotely access by employees in China, received a level of protection fundamentally equivalent to this guaranteed in the EU,” Graham Doyle, deputy commissioner in DPC, said on Friday.
“As a result of the lack of necessary assessments, Tiktok Tiktok did not deal with potential access by the Chinese authorities to EEA's personal data as part of Chinese anti-terroristics, counterattack and other provisions identified by Tiktok as a halter divergent with EU standards,” he added.
DPC said that he also stated that Tiktok provided inaccurate information to his question when he claims that he did not store European users' data on servers located in China. This month, Tiktok informed the regulatory authority that in February he discovered a problem in which limited data of European users was stored on servers in China, as opposed to its previous statements.
Doyle said that DPC treats this problem “very seriously” and considers what further regulatory actions may be justified in consultation with other EU data protection authorities.
Tiktok said that he did not agree with the decision of the Irish regulatory body and plans to fully appeal.
In the blog post on Friday Christine Grahn, head of public policy Tiktok and government relations for Europe, he said The decision did not take into account the clover of the project, data security initiative with a length of EUR 12 billion aimed at protecting European users' data.
“Instead, he focuses on the selected period from years ago, before the implementation of Clover 2023 and does not currently reflect security,” said Grahn.
“DPC himself registered in his report, which Tiktok said consistently: he never received the request of European user data from the Chinese authorities and never provided them with European users' data,” she added.
Tiktok has previously admitted that staff in China can access user data.
In 2022, it was stated in the update of their privacy policy that employees in the countries where they operate – including China, Brazil, Canada and Israel – are allowed to user data to ensure that their experience is “consistent, pleasant and safe”.
Western decision -makers and regulatory bodies are afraid of data transfers Tiktok users can lead to access to data for spying users in the application. Pursuant to Chinese law, technology companies are obliged to transfer data to the Chinese government if they are asked for help in the vaguely defined “intelligence work”.
For his part, Tiktok insisted that he never send user data to the Chinese government. In 2023, the head of Tikktok Shou Zi Chew said in written testimonies regarding the US Congress hearing that the application “never made available or received a request to provide US data to the Chinese government.”