Ireland’s Data Protection Commission (DPC) has fined TikTok a hefty 530 million euros for breaching EU privacy laws. The company was found transferring user data from the European Economic Area (EEA) to China, a clear violation of the GDPR regulations.
The fine isn't the only penalty. TikTok has six months to align its data handling practices with EU standards. If the company doesn't make the necessary changes in time, it must halt all data transfers to China.
The DPC's investigation uncovered that TikTok allowed staff in China to access personal data from European users without proving the same level of security protections that the EU requires. TikTok also failed to consider China’s national laws, which could expose data to government authorities.
At first, TikTok told the DPC it wasn't storing EEA user data on Chinese servers. However, to everyone’s surprise, TikTok later admitted that some data had been transferred and deleted after it was discovered in February.
This fine is part of a broader pattern. Regulators have been cracking down on companies that provide misleading information, like how Ofcom recently penalized OnlyFans for misrepresenting its age verification system.
Image: DIW-Aigen
Read next:
• Google’s Search Team Used Opted-Out Web Content to Train AI, Court Testimony Reveals
• Pinterest Hit By Wave Of Unexplained Bans As Users Lose Years Of Saved Content
The fine isn't the only penalty. TikTok has six months to align its data handling practices with EU standards. If the company doesn't make the necessary changes in time, it must halt all data transfers to China.
The DPC's investigation uncovered that TikTok allowed staff in China to access personal data from European users without proving the same level of security protections that the EU requires. TikTok also failed to consider China’s national laws, which could expose data to government authorities.
At first, TikTok told the DPC it wasn't storing EEA user data on Chinese servers. However, to everyone’s surprise, TikTok later admitted that some data had been transferred and deleted after it was discovered in February.
This fine is part of a broader pattern. Regulators have been cracking down on companies that provide misleading information, like how Ofcom recently penalized OnlyFans for misrepresenting its age verification system.
Read next:
• Google’s Search Team Used Opted-Out Web Content to Train AI, Court Testimony Reveals
• Pinterest Hit By Wave Of Unexplained Bans As Users Lose Years Of Saved Content
