- Tiktok has been fined 530 million euros for illegally sending Europeans to China
- Tiktok now has six months for its data processing to meet or suspend any transfer to China
- Tiktok has rejected the EU data regulator decision and plans to appeal in its entirety
The Irish EU Data Protection Commission (DPC) has fined Tiktok in a total of € 530 million (the equivalent of a little more than $ 600 million) for illegally sending European data to China, where their parent company is based.
Specifically, Tiktok found himself in breach of two articles of the EU Data Protection Law, GDPR, for not fulfilling its obligations regarding data transfers to China and transparency. The video transmission application now has six months for its data processing to meet or suspend transfers to China.
Tiktok has firmly rejected the decision of the data regulator and plans to appeal in its entirety.
Tiktok vs the EU
As the attached commissioner of DPC Graham Doyle stands out in an official statement, the GDPR requires that the high level of protection provided within the European Union continue when personal data is transferred to other countries. That is something that Tiktok seems to have failed to do.
“Tiktok personal data transfers to China violated the GDPR because Tiktok could not verify, guarantee and demonstrate that the personal data of the EEE users, remotely accessed by the staff in China, had a level of protection essentially equivalent to those guaranteed within the EU,” Doyle said.
Specifically, EU’s data control agency found that Tiktok has violated two GDPR articles: Article 46 (1), which regulates its EEE user data transfers to China, and its transparency obligations governed by article 13 (1) (f). The DPC then issued two administrative fines of € 485 million and € 45 million, respectively.
Such a failure to meet the GDPR requirements, Doyle said, did not allow the video transmission platform to address the potential access by Chinese authorities to the personal data of the EEE under Chinese anti -terrorism, counterpoint and other laws.
However, the problem for Tiktok cannot end here.
Tiktok was also convicted of giving the DPC wrong information about where European data is stored. The company said for the first time that they were not stored on servers based in China. However, this accusation was contradicted in April 2025 when Tiktok admitted to having discovered in February 2025 some limited data of US users in Chinese servers. The DPC will publish a decision on this matter in due time.
When commenting on this point, Doyle said: “While Tiktok has informed the DPC that the data has now been eliminated, we are considering what additional regulatory actions can be justified, in consultation with our EU data protection authorities by pairs.”
Tiktok said he does not agree with DPC’s decision and that he is ready to appeal all charges.
“The decision does not completely consider the Clover Project, our leading data security initiative in the 12 billion euros industry that includes some of the strictest data protections anywhere. In its place, it focuses on a select period of years ago, before the implementation of Clover 2023 and does not reflect the safeguards now in place,” said Christine Grahn, Tiktok of the public management and government relations For Europe, in an official statement.
However, this is not the first time that Tiktok has been fined in Europe for violating the data protection law. In 2023, the DPC issued a fine of 345 million euros against Tiktok for violating children’s privacy.
You may also like
