The Irish Data Protection Commission (DPC) has ordered TikTok to bring its data processing into compliance within six months after finding that it infringed on the bloc’s General Data Protection Regulation (GDPR) law due to transfers of European user data to China. The regulator warned it would suspend transfers if compliance is not met.
TikTok was fined €530 million euros ($601.3 million) for sending user data to China, with the DPC stating that TikTok failed to verify and guarantee the protection of personal data transferred to China. The regulator also found inaccurate information provided by TikTok in its previous inquiries about storing European users’ data on servers located in China.
The decision has sparked concerns among Western policymakers and regulators that TikTok’s transfers could lead to Beijing accessing user data for espionage purposes. Chinese law requires tech companies to hand over user data to the government if requested, raising concerns that user data may be accessed by Chinese authorities.
TikTok has disputed the regulator’s findings, stating it disagrees with the decision and plans to appeal in full. The company has also emphasized its 12-billion-euro Project Clover initiative aimed at protecting European user data, which was not considered by the DPC.
Source: https://www.cnbc.com/2025/05/02/ireland-fines-tiktok-530-million-for-sending-eu-user-data-to-china.html