La Quotidienne de Bruxelles - TikTok fined 530 mn euros in EU over China data transfer

The Chinese-owned social media giant, which is also in the crosshairs of the United States, acknowledged during a probe that it has hosted European data in China, contrary to a previous denial, according go Ireland's data protection watchdog.

One of the largest fines ever imposed by the authority followed a probe into the lawfulness of data transfers by TikTok.

In 2023 Ireland's Data Protection Commission (DPC) fined TikTok -- which has 1.5 billion users worldwide -- 345 million euros for breaches of European rules on processing child data.

As TikTok -- a division of Chinese tech giant ByteDance -- has its European headquarters in Ireland, the Irish authority is the lead regulator in Europe for the social platform, as well as others like Google, Meta and X.

"TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," said DPC deputy commissioner Graham Doyle.

"TikTok did not address potential access by Chinese authorities to (Europeans') personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards," Doyle said in a statement.

TikTok said it planned to appeal the EU fine, insisting it had "never received a request" from Chinese authorities for European users' data.

"(TikTok) has never provided European user data to them," Christine Grahn of TikTok Europe said. "We disagree with this decision and intend to appeal it in full."

The social media giant has been in the crosshairs of Western government for years over fears personal data could be used by China for espionage or propaganda purposes.

- US pressure -

TikTok also infringed requirements within the EU's General Data Protection Regulation (GDPR) by transferring user data to China, said the DPC's statement.

Friday's decision "includes administrative fines totalling 530 million euros and an order requiring TikTok to bring its processing into compliance within six months," it said.

The authority said 45 million euros of the fine was imposed due to a lack of transparency between 2020 and 2022 when the platform did not indicate to users which countries the data was transferred to or that it could be accessed from China.

The DPC said its decision also includes an order suspending TikTok's transfers to China if the firm does not meet the six-month deadline.

The fine is expected to increase pressure against the social network in the United States.

The US Congress passed a law in 2024 requiring ByteDance to divest control of TikTok in the United States or be banned from the country.

President Donald Trump has postponed twice, until June 19, the deadline set for the sale of the social network, which has 170 million American users.

- Multiple bans -

Aside from the data issue, TikTok is also accused of confining its users to silos through an opaque and powerful recommendation algorithm, fostering the spread of misinformation and illegal, violent, or obscene content.

Several countries have banned the platform for varying periods, such as Pakistan, Nepal, and France in the territory of New Caledonia.

For years, TikTok has highlighted its data protection policies. In Europe, it launched the Clover program, which provides for 12 billion euros of investment over 10 years.

It claims that Europeans' data is by default stored in Norway, Ireland, and the United States and "that employees in China have no access to restricted data," such as phone numbers or IP addresses.

The DPC, which opened its probe in 2021, however, said Friday it was informed in April by TikTok that European data had been stored, then deleted, in China -- contrary to what the firm previously claimed.

H.Vermeulen--LCdB