Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
TikTok has been handed a €530mn fine for sending users’ data to China, in a ruling the social media group said would have negative ramifications for “any company in Europe with global operations”.
Ireland’s Data Protection Commission issued the financial penalty on Friday, saying TikTok had infringed EU data protection regulations over the transfer of personal information to China, as well as a failure of other transparency requirements.
The Irish watchdog, responsible for the matter as TikTok’s European base is in Dublin, has ordered the viral video group to bring its processing into compliance within six months.
TikTok, whose parent company ByteDance is based in Beijing, said it disagreed with the decision and vowed to appeal.
“The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them,” the company said in a statement.
“This decision has implications not just for TikTok, but for any company in Europe operating globally. We disagree with this decision and intend to appeal it in full,” it added.
The penalty is the third highest ever issued by the Irish DPC, which has previously fined Facebook’s owner Meta €1.2bn and Amazon €746mn. In 2023, it also fined TikTok €345mn in 2023 over the way it processed the personal data of children and teens.
The DPC’s investigation covered TikTok’s operations between September 2021 and May 2023. It said that TikTok eventually admitted that “limited” European user data had been stored in servers in China, having initially denied that was the case. TikTok has said that this data has since been deleted.
Announcing the fine, DPC deputy commissioner Graham Doyle said: “TikTok did not address potential access by Chinese authorities to [European users’] personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”
TikTok said the DPC’s ruling focused only on a select period and did not reflect the safeguards established under its €12bn security initiative dubbed Project Clover that it said had “some of the most stringent data protections anywhere”.
TikTok is also under fire in the US, where Congress last year passed legislation requiring ByteDance to divest the app or face a nationwide ban.
President Donald Trump, who has granted the company a reprieve, suggested he could cut tariffs on Chinese goods if Beijing allowed ByteDance to sell the hugely popular video sharing app to US investors.