TikTok is facing a significant fine of €530 million ($600 million) in Ireland for violating the General Data Protection Regulation (GDPR) in the European Union (EU). The fine was imposed by the Data Protection Commission (DPC) in Ireland due to TikTok's improper transfer of user data from the European Economic Area (EEA) to China.
The DPC found that TikTok breached GDPR regulations by transferring EEA user data to China without ensuring adequate protection and transparency. TikTok has been instructed to rectify its data processing practices to comply with GDPR within six months or face suspension of data transfers to China.
DPC Deputy Commissioner Graham Doyle emphasized the importance of upholding data protection standards in cross-border data transfers to countries outside the EU. TikTok failed to verify the protection of EEA user data accessed by staff in China, raising concerns about potential access by Chinese authorities under diverging laws from EU standards.
Despite initial claims that no EEA user data was stored on Chinese servers, TikTok later admitted to storing some data, leading to the discovery of inaccuracies in its previous statements. The company has since deleted the data and is working towards compliance with GDPR requirements.
