TikTok fined £452m by EU authorities over data transfers to China
The video sharing app said it would appeal the decision.
TikTok has been fined 530 million euros (£452 million) by the Irish data protection watchdog for breaching EU privacy rules around transferring user data to China.
The Irish Data Protection Commission (DPC) said the social media company had breached the EU General Data Protection Regulation (GDPR) by failing to ensure that user data would get equal levels of protection when transferred elsewhere, and was issuing the fine as the firm’s lead supervisory authority in the EU.
The DPC said it had also sanctioned the video-sharing app for not being transparent with users about where personal data was being sent and ordered the platform to comply with data protection rules within six months.
TikTok said it would appeal the decision, saying it primarily focused on “a select period from years ago” and before the company started its £10 billion Project Clover scheme – which has seen the firm build and open data centres in Europe to reduce transfers out of the region.
DPC deputy commissioner Graham Doyle said of the decision: “The GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA (European Economic Area) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU.
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”
The social media giant, which is owned by China-based ByteDance, has been under scrutiny from regulators around the world over how it handles personal data, and is also facing a ban in the United States over its China links, which the US government has said is a national security issue.
In an online newsroom post in response to the decision, Christine Grahn, TikTok’s head of public policy and government relations for Europe, said: “The decision fails to fully consider Project Clover, our 12 billion euros industry-leading data security initiative that includes some of the most stringent data protections anywhere.
“It instead focuses on a select period from years ago, prior to Clover’s 2023 implementation and does not reflect the safeguards now in place.
“The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.
“With 175 million users across Europe, more than 6,000 employees, and a platform that has helped small businesses contribute 4.8 billion euros to GDP and over 51,000 jobs, TikTok is deeply integrated into the European economy.
“We disagree with the decision and plan to appeal in full.”
