- Tiktok has been fined a fine of 530 million euros to illegally send Europeans’ data to China
- TIKTOK now has six months to bring his data processing in accordance or suspend transfers to China
- Tiktok has rejected the EU -Datare Regulator’s decision and plans to appeal fully
The Irish EU Data Protection Commission (DPC) has fined Tiktok a total of € 530 million (equivalent to a little more than $ 600 million) to illegally send European data to China, where its parent company, bytance, is based.
Specifically, Tiktok was found in violation of two articles in the EU Data Protection Act, GDPR, so as not to fulfill its obligations on data transfers to China and transparency. The Video Streaming app now has six months to bring its data processing in accordance or suspend transfers to China.
Tiktok has definitely rejected the data regulator’s decision and plans to appeal fully.
Tiktok vs EU
As DPC vice commissioner Graham Doyle emphasizes in an official statement, the GDPR requires the high level of protection to be delivered in the European Union, continuing where personal data is transferred to other countries. It is something that Tiktok seems to have failed to do.
“Tikkok’s personal data transfers to China violated GDPR because Tiktok could not verify, guarantee and demonstrate that the personal data of EEA users who were remotely accessed by the staff in China were given a level of protection essentially equivalent to what is guaranteed within the EU,” Doyle said.
Specifically, the EU -DATA -Guard Dog found that Tiktok had violated two GDPR articles: Article 46 (2). 1, which regulates its transfers of the EEA user data to China and its transparency obligations laid down in Article 13 (2). 1 (f). DPC then issued two administrative fines of € 485 million respectively. And 45 million €.
Such a failure to meet GDPR requirements, noticed Doyle, did not enable the video streaming platform to tackle potential access from Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws.
However, the problem for Tiktok must not end here.
Tiktok was also found guilty of giving DPC incorrect information about where European data was stored. The company first ensured that these were not stored on servers based in China. Still, this claim was then contradicted in April 2025, when Tiktok admitted to having discovered in February 2025 some limited EEA user data on Chinese servers. DPC is set to publish a decision on this case over time.
In a comment on this point, Doyle said, “While Tiktok has informed DPC that the data has now been deleted, we are considering what further legislative actions may be justified in consultation with our Peer EU data protection authorities.”
Tiktok said to disagree with the DPC decision and be ready to appeal all charges.
“The decision fails to fully consider Project Clover, our industrial initiative of EUR 12 billion, which includes some of the most strict data protection everywhere. It focuses instead on a selected period from years ago, before Clover’s 2023 implementation and does not reflect the protection measure now in place.” Official statement.
However, this is not the first time Tiktok has been fined in Europe for violating the Data Protection Act. By 2023, DPC issued a fine of 345 million euros against Tiktok for violating children’s privacy.
