Tuesday, July 14, 2026
18.4 C
London

TikTok to Appeal €530 Million Fine Over EU Data Transfers to China

TikTok has confirmed it will appeal a €530 million fine imposed by Ireland’s Data Protection Commission (DPC) over the unauthorised transfer and storage of European user data on servers in China, in breach of EU privacy laws.

The Chinese-owned video-sharing platform acknowledged in April 2025 that it had discovered a breach earlier in February, where limited user data from the European Economic Area (EEA) was stored in China. This contradicted the company’s previous assurances during a multi-year DPC investigation, which began in September 2021.

The DPC found TikTok in violation of the EU’s General Data Protection Regulation (GDPR), specifically for failing to ensure that the personal data of European users accessed by staff in China received protections equivalent to those guaranteed within the EU.

The Commission’s ruling includes more than just the financial penalty. TikTok has been ordered to bring its data processing practices into compliance within six months. If the company fails to do so, the DPC has mandated a suspension of all data transfers from the EU to China.

Graham Doyle, Deputy Commissioner of the DPC, stated the breach raises serious concerns. “TikTok’s failure to undertake necessary assessments meant it did not sufficiently address the potential access by Chinese authorities to EEA data, especially under laws that diverge significantly from EU standards,” he said.

Despite TikTok’s claims that it has never received nor complied with any data access requests from Chinese authorities, the DPC said the company provided inaccurate information during the inquiry process. TikTok has since deleted the data in question, but further regulatory action is under consideration, the Commission said.

In response, TikTok’s Head of Public Policy and Government Relations in Europe, Christine Grahn, said the company “strongly disagrees” with the decision and plans to challenge it fully through legal channels.

TikTok pointed to its ongoing “Project Clover” initiative, launched in 2023, as evidence of its commitment to improving data security. The project involves storing European user data in three localised data centres — two in Dublin and one in Norway — with oversight from independent cybersecurity firm NCC Group.

However, the DPC ruled that while it considered these measures, they were not sufficient to prevent the penalty or halt the enforcement actions.

The DPC submitted its draft decision to other EU data authorities in February 2025, and no objections were raised, clearing the way for today’s final ruling.

Hot this week

Fuel Prices Fall Across Ireland in July as Petrol and Diesel Costs Ease

Motorists across Ireland received some relief in July as...

Oil Prices Climb Over 2% as US-Iran Strikes Renew Fears Over Strait of Hormuz

Oil prices rose by more than 2% on Monday...

Spain Wildfire Nears Containment as Evacuated Residents Begin Returning Home

A deadly wildfire in southern Spain that has claimed...

UK Police Hunt Suspect After Death of Former MP Ann Widdecombe Treated as Suspicious

Police in southwest England have launched an intensive search...

Topics

Related Articles

Popular Categories