TikTok Fined €530M Over EU Data Privacy Violations, Faces China Data Transfer Suspension

TikTok has been hit with a €530 million ($600 million) fine by Ireland’s Data Protection Commissioner (DPC), its lead EU privacy regulator, over violations of the European Union’s data protection rules. The DPC cited concerns over the platform's failure to adequately protect EU users’ personal data, particularly regarding remote access by staff in China.

Owned by ByteDance, TikTok allegedly did not demonstrate that user data accessed from China was protected in line with the EU’s General Data Protection Regulation (GDPR). The regulator raised concerns about the risk of Chinese authorities accessing EU user data under laws that diverge from EU standards.

TikTok strongly disagreed with the ruling and plans to appeal, arguing that it uses standard contractual clauses to allow tightly controlled access. The company also noted it implemented new data security measures in 2023, including independent monitoring and storing EU user data in data centers in Europe and the U.S.

Despite TikTok’s claims, the DPC revealed that the company admitted in February that some EU user data had been stored in China—a contradiction to prior assurances. That data has since been deleted. The DPC is now weighing additional regulatory action.

This is the second major fine TikTok has received in the EU; it was previously fined €345 million in 2023 for mishandling children’s data. The Irish DPC, known for its enforcement of GDPR on global tech giants, has also penalized Meta, Microsoft, and X.

TikTok, with 175 million users across Europe, maintains it has never received nor complied with requests from Chinese authorities for EU user data. It warned that this ruling could set a precedent affecting multinational firms operating in Europe.