TikTok has been hit with a €530 million fine by Ireland’s Data Protection Commission (DPC) for breaking European data privacy rules.
The investigation, launched in 2021, found that TikTok failed to properly protect the personal data of EU users when transferring it to China. According to the DPC, the video-sharing platform did not ensure that users’ data accessed in China received protection equal to EU standards.
Deputy Commissioner Graham Doyle explained that TikTok neglected to assess how Chinese laws could expose European user data to government access. These include China’s anti-terrorism and counter-espionage laws, which differ greatly from EU privacy protections.
TikTok, owned by China’s ByteDance, has 159.1 million active monthly users in Europe. It now has six months to bring its data handling into full compliance with EU rules. If it fails, data transfers to China could be blocked.
TikTok had told regulators it did not store EU data in China, but the DPC uncovered evidence that contradicted this. Doyle said that while TikTok claims the data has now been deleted, further regulatory action may follow.
This is not the first time TikTok has faced penalties in Europe. In 2023, it was fined €345 million for failing to protect children’s privacy.
In response, TikTok stated the decision covers a past period and doesn’t reflect changes made under Project Clover, a €12 billion security programme. The company warned the ruling could impact other global businesses operating in Europe.
