London, May 2 — The European Union’s privacy regulators imposed a fine of €530 million ($600 million) on TikTok on Friday following a four-year probe. This penalty was issued because the investigation revealed that the platform had violated stringent data protection regulations within the EU through unauthorized transfer of user data to China.
The Irish Data Protection Commission also penalized TikTok for failing to adequately inform users regarding where their personal information was being transmitted. The commission mandated that the company must adhere to these regulations within a six-month timeframe, as reported by AP.
The Irish national oversight body acts as TikTok’s primary data privacy regulator across the 27 EU countries since the firm’s European base is located in Dublin.
Graham Doyle, the deputy commissioner, stated that TikTok did not manage to confirm, ensure, and show that the personal information of European users, which could be accessed by employees based in China, received a similar degree of protection as what is ensured within the EU.
TikTok stated that they disagree with the ruling and intend to file an appeal.
The company said in a blog post that the decision focuses on a “select period” ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centres in Europe.
Microsoft and Meta Platforms steer Wall Street towards gains.
Project Clover boasts some of the strictest data protection policies across our sector, featuring exceptional independent monitoring from NCC Group, a prominent European cybersecurity company,” stated Christine Grahn, who leads public policy and government relations for TikTok in Europe. “This ruling does not adequately take into account these significant data security initiatives.
TikTok, owned by Beijing-based ByteDance, has faced intense examination in Europe due to worries about its management of user data, particularly following warnings from Western authorities who believe it could pose a security threat because of potential transfers of user data to China. In 2023, TikTok was additionally penalized with hefty fines amounting to several hundred million euros by Ireland’s regulatory body as part of an independent probe into violations of children’s privacy rights.
The Irish supervisory authority stated that their probe revealed TikTok did not adequately tackle the issue of potential access to personal information of European users by Chinese authorities. This conclusion was drawn based on Chinese regulations related to anti-terrorism, counter-espionage, cyber security, and national intelligence, which were noted to significantly differ from European Union norms.
Grahn stated that TikTok has “never received a request for European user data from the Chinese authorities and has never disclosed such data to them.”
Under the EU rules, known as the General Data Protection Regulation, European user data can only be transferred outside of the bloc if there are safeguards in place to ensure the same level of protection.
