TikTok fined 530 million euros for transferring data to China

Мирослав Трінько - 2 May, 01:45 PM

European Union data protection authorities have fined TikTok 530 million euros ($600 million) after a four-year investigation found that the app's transfer of user data to China violated strict EU privacy rules, APNews reports.

The Irish Data Protection Commission, which is TikTok's main regulator in the EU, also accused the company of a lack of transparency about where exactly the data was sent and ordered it to bring its operations into compliance within six months.

"TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," said Deputy Commissioner Graham Doyle.

TikTok plans to appeal the decision. In a blog post, the company noted that the fine applies to the period until May 2023, before the launch of Project Clover, which involves the creation of three data centers in Europe.

"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group," said Christine Grahn, TikTok’s head of public policy in Europe, adding that the decision does not take these measures into account.

TikTok, owned by China's ByteDance, has long been criticized by Western governments over the risks of transferring data to China. The company has previously been fined in the EU, including for violating children's data protection.

The Irish regulator also noted that TikTok failed to take into account "possible access by Chinese authorities" to user data under Chinese laws, which differ significantly from EU norms.

Gran assured that TikTok has never received requests from Chinese authorities for access to European data and has not transferred it.

The investigation also found that TikTok's privacy policy at the time did not specify the country to which the data was transferred, nor did it explain that the data processing involved remote access from China.