TikTok, the popular video streaming app, has recently found itself in hot water with the European Union (EU) over its data handling practices. The Irish EU Data Protection Commission (DPC) imposed a hefty fine of €530 million on TikTok for unlawfully transferring Europeans’ data to China, where its parent company, ByteDance, is headquartered.
EU’s Data Protection Laws Violation
The DPC penalized TikTok for violating two key articles of the EU’s General Data Protection Regulation (GDPR). The GDPR mandates that when personal data from individuals in the European Economic Area (EEA) is transferred outside the region, it must be safeguarded with an equivalent level of protection as within the EU. However, TikTok failed to ensure this protection when transferring EEA users’ data to servers in China.
Deputy Commissioner Graham Doyle emphasized that TikTok’s actions breached GDPR transparency obligations and compromised user privacy. This breach led to administrative fines totaling €530 million being levied against TikTok by the DPC.
The Battle Between TikTok and the EU
TikTok now faces pressure to address these violations within six months or halt all data transfers to China until compliance is achieved. Despite facing this significant penalty, TikTok has expressed its intent to challenge the regulatory decision through an appeal process.
Christine Grahn, Head of Public Policy & Government Relations for Europe at TikTok, defended their position by highlighting their industry-leading data security initiative called Project Clover. This initiative aims to enhance data protection measures; however, it was not considered in evaluating TikTok’s recent infractions.
Data Storage Controversy
In addition to unlawfully transferring user data to China, TikTok also came under fire for providing misleading information regarding the storage location of Europeans’ data. Initially denying any storage on Chinese servers, TikTok later admitted in 2025 that some limited EEA user data had indeed been found on servers based in China.
The DPC raised concerns about potential access by Chinese authorities to EEA personal data due to these unauthorized transfers. While TikTok claimed that all relevant data has since been deleted from Chinese servers, further regulatory actions are being considered by the DPC and other EU Data Protection Authorities.
Repeat Offender: Previous Fines
This incident isn’t an isolated case for TikTok concerning privacy violations. In 2023, they were fined €345 million by the DPC for breaching children’s privacy rights—a pattern of non-compliance that raises questions about their commitment to safeguarding user data effectively.
As tech companies face increasing scrutiny over privacy practices globally, this latest episode involving TikTok serves as a stark reminder of the importance of upholding stringent data protection standards amidst mounting concerns around online privacy and security breaches.
Leave feedback about this