TikTok hit by a 530 million fine in the EU for illegally sending Europeans' data to China
Date:
Fri, 02 May 2025 16:28:17 +0000
Description:
The EU Data Protection Commission (DPC) has found TikTok in breach of GDPR
for not fulfilling its obligations concerning data transfers to China and transparency. TikTok has rejected the decision and plans to appeal.
FULL STORY
The Irish EU Data Protection Commission (DPC) has fined TikTok a total of 530 million (the equivalent of a bit more than $600 million) for illegally
sending Europeans' data to China, where its parent company, ByteDance, is based.
Specifically, TikTok was found in breach of two articles of the EU data protection law, GDPR , for not fulfilling its obligations concerning data transfers to China and transparency. The video streaming app now has six
months to bring its data processing into compliance or suspend any transfers
to China.
TikTok has firmly rejected the data regulator's decision and plans to appeal
in full.
TikTok vs the EU
As the DPC Deputy Commissioner Graham Doyle highlights in an official
statement , the GDPR requires that the high level of protection provided
within the European Union continues where personal data is transferred to
other countries. That's something TikTok seems to have failed to do.
"TikToks personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee, and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of
protection essentially equivalent to that guaranteed within the EU," said Doyle.
Specifically, the EU data watchdog found TikTok to have breached two GDPR articles: Article 46(1), which regulates its transfers of EEA User Data to China, and its transparency obligations ruled by Article 13(1)(f). The DPC
then issued two administrative fines of 485 million and 45 million, respectively.
Such a failure to fulfill GDPR requirements, Doyle noted, didn't enable the video streaming platform to address potential access by Chinese authorities
to EEA personal data under Chinese anti-terrorism, counter-espionage, and
other laws.
The problem for TikTok may not end here, though.
TikTok was also found guilty of giving the DPC erroneous information about where Europeans' data where stored. The company first ensured these were not stored on servers based in China. Yet, this allegation was then contradicted
in April 2025 when TikTok admitted to having discovered in February 2025 some limited EEA user data on Chinese servers. The DPC is set to publish a
decision on this matter in due course.
Commenting on this point, Doyle said: "Whilst TikTok has informed the DPC
that the data has now been deleted, we are considering what further
regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities."
TikTok said to disagree with the DPC decision and be ready to appeal all charges.
"The decision fails to fully consider Project Clover, our 12 billion industry-leading data security initiative that includes some of the most stringent data protections anywhere. It instead focuses on a select period
from years ago, prior to Clovers 2023 implementation and does not reflect the safeguards now in place," said Christine Grahn, TikTok's Head of Public
Policy & Government Relations for Europe, in an official statement .
This isn't, however, the first time TikTok has been fined in Europe for breaching data protection law. In 2023, the DPC issued a 345 million fine against TikTok for violating children's privacy.
======================================================================
Link to news story:
https://www.techradar.com/computing/cyber-security/tiktok-hit-by-a-eur530-mill ion-fine-in-the-eu-for-illegally-sending-europeans-data-to-china
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)