On May 4, Pakistan reported that the European Union imposed a record fine of $600 million on TikTok. This penalty was levied due to the company’s unauthorized transfer of user data to China without adequate safeguards. The Irish Data Protection Commission enforced this fine according to the EU’s General Data Protection Regulation (GDPR) rules on May 1, 2025.
The majority of the $551 million penalty was imposed due to inadequate protection of user data. The remaining portion addressed issues with TikTok’s ambiguous privacy policies, as they failed to adequately clarify why data was being shared. This fine marks the highest amount levied under GDPR regulations thus far.
TikTok is facing similar challenges in the United States, where it must comply with a legal directive mandating separation from its Chinese owner, ByteDance. In parallel, the European Union has set TikTok a six-month deadline to address its data handling issues; otherwise, it could face an outright prohibition on moving European user information.
TikTok refuted these claims, stating that it has never provided user information to Chinese officials. Nevertheless, the company cautioned that such decisions might affect international technology firms down the line.
