TikTok has been hit with a massive $600 million (€530 million) fine by the Irish Data Protection Commission for violating the EU’s General Data Protection Regulation (GDPR) by sending European users’ data to servers in China.
The Verge reports that in a landmark ruling, the Irish Data Protection Commission (DPC) has ordered TikTok to pay a staggering $600 million (€530 million) for breaching the European Union’s General Data Protection Regulation (GDPR). The popular video-sharing app was found to have transferred European users’ data to servers in China, raising significant concerns about data privacy and security.
The DPC’s investigation revealed that TikTok failed to ensure that data transferred to China would be protected to a standard equivalent to that required by the EU. The court specifically highlighted China’s anti-terrorism and counterespionage laws as potential risks, as they could allow Chinese authorities to access European users’ personal information.
The hefty fine comprises two parts: €485 million for sending the data to China and €45 million for TikTok’s inadequate privacy policy, which failed to sufficiently explain the data transfers. Despite TikTok’s recent efforts to update its privacy policy in 2022, which the court deemed “compliant,” and its promise to invest $13.6 billion (€12 billion) in data centers within the EU, the court remained unconvinced.
Throughout the inquiry, TikTok maintained that user data was only remotely accessed from China and not stored on servers there. However, last month, the company informed the court that it had discovered “limited” European data had indeed been stored in China and has since been deleted. This revelation prompted DPC deputy commissioner Graham Doyle to warn that “further regulatory action” may be necessary to address this additional breach.
The $600 million fine marks the third-largest GDPR penalty to date, surpassed only by fines imposed on Meta and Amazon. This is not the first time TikTok, which has its European headquarters in Ireland, has faced a significant GDPR penalty from the Irish court. In 2023, the company was ordered to pay $367 million for its handling of children’s data.
The ruling comes at a time when TikTok’s US business remains in a state of uncertainty. The app was banned in the U.S. due to concerns over its data security and potential control by Chinese authorities, and it must find a U.S. buyer to continue operating. Last month, President Donald Trump signed a second 75-day pause on the ban, as his ongoing trade war with China appears to have hindered efforts to negotiate a sale of the app’s US arm with its Chinese owner, ByteDance.
Read more at the Verge here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship.
