Robert Besser
08 May 2025

DUBLIN, Ireland: TikTok has been hit with a 530 million euros (US$601.3 million) fine by Ireland's Data Protection Commission (DPC) for violating EU privacy laws by transferring European user data to China without adequate safeguards.

The Irish regulator, which leads GDPR enforcement for TikTok in the EU, said late last week that the platform failed to ensure that the personal data of users in the European Economic Area (EEA) was sufficiently protected when accessed by employees in China.

"TikTok's personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users… was afforded a level of protection essentially equivalent to that guaranteed within the EU," said Deputy Commissioner Graham Doyle.

The DPC gave TikTok six months to bring its data processing into compliance and warned that transfers could be suspended if the company fails to act.

Doyle added that TikTok's failure to assess potential access by Chinese authorities under anti-terrorism and counter-espionage laws contributed to the infringement.

The DPC also found that TikTok provided inaccurate information during the investigation. Initially, the company claimed it did not store EU user data on servers in China. However, the company later admitted that limited data had been stored there, contrary to earlier statements.

TikTok said it disagrees with the decision and will appeal. In a blog last week, Christine Grahn, TikTok's head of public policy for Europe, argued that the ruling focused on "a select period from years ago" and failed to consider Project Clover, the company's 12 billion euro European data security initiative launched in 2023.

Grahn added that "TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."

The company has acknowledged, however, that staff in countries including China have access to user data. An update to its privacy policy in 2022 stated that access was permitted to ensure a "consistent, enjoyable and safe" user experience.

Western officials have grown concerned that user data transferred to China could be accessed by the Chinese government under national security laws that require companies to cooperate with state intelligence work.

TikTok maintains that it has never shared user data with the Chinese government. In 2023, CEO Shou Zi Chew told U.S. lawmakers that the company had never received or complied with such a request.