The EU Fines TikTok $600 Million for Privacy Violations Associated with Data Transfers to China

The European Union’s top privacy watchdog has fined TikTok $600 million after a four-year investigation revealed that the company’s data transfers to China were in violation of EU data protection regulations.

According to the Irish Data Protection Commission, which regulates TikTok because of its Dublin location in Europe, the company neglected to make sure that the security measures in place for data accessed by Chinese employees were “essentially equivalent” to those required by the EU.

“TikTok did not confirm, ensure, or exhibit sufficient security,” Deputy Commissioner Graham Doyle stated.

Along with criticizing TikTok for failing to adequately warn users that their data may be remotely viewed from China, Singapore, and the United States, the watchdog also given the business six months to comply with EU regulations. Responding that the study was limited to a “select period” prior to its Project Clover effort, which comprises three data centers in Europe, TikTok stated that it disagreed with the results and would file an appeal.

According to Christine Grahn, head of public policy at TikTok in Europe, Project Clover has “some of the most stringent data protections anywhere in the industry.” “The Chinese authorities have never requested European user data from TikTok, and TikTok has never given them European user data,” she continued.

Nevertheless, TikTok was accused by the Irish regulator of providing false information, and it finally acknowledged in April that it had found in February that some data had in fact been stored on Chinese servers.

“We are evaluating whether additional regulatory action is necessary,” Doyle stated.