The Irish Data Protection Commission (DPC) has fined TikTok €530 million and ordered corrective action following an investigation into the platform’s unlawful transfer of personal data from users in the European Economic Area (EEA) to China.
The DPC’s inquiry, acting in its role as lead supervisory authority under the General Data Protection Regulation (GDPR), found that TikTok Technology Limited failed to ensure an “essentially equivalent” level of data protection for EEA users whose data was accessed remotely by staff in China. The platform was also found to have breached transparency obligations by not properly informing users about the nature and destinations of the data transfers.
“The GDPR requires that the high level of protection provided within the EU continues where personal data is transferred to other countries,” said DPC Deputy Commissioner Graham Doyle. “TikTok did not meet these obligations, particularly in relation to the risk of access by Chinese authorities under national security laws.”
The DPC’s findings stemmed in part from TikTok’s own assessment of Chinese legal frameworks, including China’s Anti-Terrorism Law and National Intelligence Law, which the platform acknowledged could diverge significantly from EU privacy standards.
As part of the decision, TikTok has been ordered to bring its data processing operations into full compliance within six months. If it fails to do so, its data transfers to China will be suspended.
The investigation also revealed that TikTok submitted inaccurate information to the DPC, initially claiming that no EEA user data was stored in China. However, the company later admitted that a limited amount of such data had in fact been stored there and has since been deleted. The DPC is considering whether further regulatory action is warranted.
The fine includes €485 million for the unlawful data transfers and €45 million for failing to meet GDPR transparency requirements between July 2020 and December 2022.
The full decision will be published by the DPC in due course.
Need Help?
If you have questions or concerns about how to navigate the global AI regulatory landscape, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
