TikTok has been hit with a massive €530 million (around $600 million) fine for violating the European Union’s GDPR rules.
The Irish Data Protection Commission (DPC) says the company failed to protect the data of European users after it was sent to servers in China.
According to the ruling, TikTok could not ensure that user data transferred to China was kept safe and met EU privacy standards. The court raised concerns about China’s anti-terrorism and espionage laws, which could allow government access to private data. The fine includes €485 million for the illegal data transfer and another €45 million for not clearly explaining it in TikTok’s old privacy policy.
While TikTok updated its privacy policy in 2022 and promised to spend €12 billion on new data centers in Europe, the court said that wasn’t enough. TikTok admitted that some European data had been stored in China, which it claimed has now been deleted.
This is TikTok’s second major GDPR fine — it was previously fined $367 million in 2023 over how it handled children’s data. The new penalty is the third-largest GDPR fine ever, behind only Meta and Amazon.
