Ireland’s Data Protection Commission (DPC), the lead EU regulator for TikTok, announced a €530 million fine after finding that the China-owned video-sharing platform had not ensured that EEA user information transferred to China would be safeguarded from Chinese government access. Under EU data-protection rules, any transfer of personal data to a non-EU country must guarantee protections on par with those inside Europe.
The DPC’s investigation, covering September 2021 through May 2023, concluded that TikTok “did not verify, guarantee or demonstrate” equivalent protection for personal data once it crossed into Chinese jurisdictions where counterterrorism and national‐security laws compel organisations to cooperate with state intelligence. Moreover, the regulator found that TikTok staff in China had “remotely accessed” some EEA user data.
Compounding the breaches, the DPC determined that TikTok provided “erroneous information” during the inquiry. Initially, TikTok had claimed it did not store any European user data abroad, only later conceding that a “limited” subset of such data was indeed kept in China. The regulator has warned that further penalties could follow, and has ordered TikTok to suspend all data transfers to China if it fails to come into compliance within six months.
TikTok responded by stating the DPC made no finding that it had ever handed over user data to Chinese authorities, and that it had never received any such requests. The company pointed to its Project Clover security framework launched in March 2023 as evidence of enhanced safeguards.
The DPC also noted that TikTok’s 2021 privacy notice misleadingly omitted any reference to possible Chinese access to data; an updated 2022 policy finally acknowledged that European information might need to be accessed in China for algorithmic checks and to root out automated abuse.
Data-security concerns over TikTok’s Chinese ownership have prompted scrutiny on both sides of the Atlantic, with US legislators threatening bans and EU policymakers demanding stricter oversight. TikTok has indicated it will appeal the Irish regulator’s decision.
