The Irish privacy watchdog imposes a fine of 530 million euros on TikTok for inadequate data protection.
The Irish Data Protection Commission (DPC) gives TikTok a massive fine for unsafely transferring European user data to China. According to the regulator, the company failed to be transparent about the level of protection for user data from the EU. It also could not guarantee that data remains out of reach of the Chinese government, despite strict European privacy regulations.
Six Months to Cease Data Transfer
The DPC rules that TikTok sent European user data to China without adequate protection against Chinese espionage or cybersecurity legislation. The regulator states that TikTok must stop storing data on Chinese servers “within six months”. Unless it can guarantee the same protection as within the EU.
The fine is also based on the fact that TikTok admitted last month to having stored data in China after all, despite previous denials. According to the company, this data has since been deleted.
Project Clover Could Not Prevent Fine
TikTok has announced it will appeal the decision. The company refers to “Project Clover”, through which European data has been stored in data centers in Ireland and Norway since 2023, under the supervision of external auditors. Nevertheless, regulators do not find this claim sufficient to rule out the risk of state interference.
The pressure for companies to comply with strict European privacy legislation is visibly increasing. X can also expect a fine after years of investigation. Meta and Apple are also receiving fines thanks to a law that obliges companies to engage in fair competition.