TikTok Paid $600 Million for Violations of EU Privacy Regulations in China Data Transfers

A privacy group in the European Union fined TikTok 530 million euros, which is around $600 million. This came after a four-year investigation showed that TikTok was sending user data to China, which broke strict EU privacy rules and put users at risk of being spied on.

  Europe Cyber affairs News   May 5, 2025  Add to Reading List
TikTok Paid $600 Million for Violations of EU Privacy Regulations in China Data Transfers

A privacy group in the European Union fined TikTok 530 million euros, which is around $600 million. This came after a four-year investigation showed that TikTok was sending user data to China, which broke strict EU privacy rules and put users at risk of being spied on.

The investigation was led by Ireland’s Data Protection Commission because TikTok's European headquarters is in Dublin. They also criticized TikTok for not being transparent with users about where their personal data was going. The Commission gave TikTok six months to comply with the rules.

Graham Doyle, the Deputy Commissioner, said TikTok did not prove that European users' personal data accessed by Chinese staff had the same level of protection as data inside the EU.

TikTok disagreed with the decision and plans to appeal. The company explained in a blog that the decision only covers a specific time period ending in May 2023. After that, TikTok started Project Clover, which involves building three data centers in Europe to keep data secure. Christine Grahn, TikTok's European public policy head, said Project Clover has strong data protections with oversight from NCC Group, a top European cybersecurity firm.

Based in China, TikTok's parent company ByteDance is under scrutiny in Europe because of concerns about how it's handling personal user information. In 2023, Ireland fined TikTok hundreds of millions in a separate child privacy case.

The Irish watchdog found TikTok ignored issues about Chinese authorities possibly accessing European users’ data under China's laws, which differ from EU laws.

Grahn said TikTok never received a request from Chinese authorities for European user data and never provided it. EU privacy rules, called the General Data Protection Regulation, state that European data can only be sent outside the EU if it remains equally protected.

Grahn defended TikTok's actions, saying they followed legal advice from experts and used the same legal processes as other European companies. She felt TikTok was singled out unfairly.

The investigation, starting in September 2021, also showed TikTok's privacy policy did not list all countries, like China, where user data went. The policy, now updated, did not explain data accessed from China even though stored in Singapore and the USA.

The Irish regulator continues to scrutinize TikTok. They said TikTok gave incorrect information during the investigation, initially claiming European user data was not stored on Chinese servers. It wasn't until April that they admitted some data was stored in China since February.

Graham Doyle stated the regulator is taking this seriously and considering further actions.