DUBLIN: The European Union has fined TikTok a record €530 million (approximately $600 million), accusing the Chinese-owned platform of transferring European user data to China and failing to adequately protect it from potential access by Chinese authorities.
The penalty, issued by Ireland’s Data Protection Commission (DPC), marks the second-largest fine ever imposed under the EU’s General Data Protection Regulation (GDPR). TikTok plans to appeal the decision, maintaining it has “never received a request” from Chinese officials for access to European user data.
Despite earlier denials, TikTok later admitted during the investigation that some European user data had indeed been stored in China. This revelation contradicts previous claims made by the company and prompted further scrutiny by the Irish regulator, which oversees TikTok due to its European headquarters being based in Ireland.
Graham Doyle, Deputy Commissioner of the DPC, said TikTok had failed to demonstrate that European user data accessed remotely by staff in China received “an essentially equivalent” level of protection to that guaranteed under EU law.
Doyle added that the platform did not adequately address the risks posed by Chinese laws on anti-terrorism and counter-espionage, which could compel companies to share data with authorities — a significant divergence from EU privacy standards.
As part of the ruling, the DPC also issued an order requiring TikTok to bring its data processing practices into full compliance within six months. If the company fails to do so, it may face a suspension of data transfers to China.
TikTok Europe’s Christine Grahn responded, stating, “We disagree with this decision and intend to appeal it in full.” She emphasized that TikTok had never shared European user data with Chinese authorities and insisted that sensitive information, such as phone numbers and IP addresses, remains inaccessible to employees in China.
Of the total fine, €45 million was specifically linked to TikTok’s failure between 2020 and 2022 to clearly inform users that their data might be transferred to or accessed from China.
The investigation into TikTok’s data practices began in 2021 and revealed that the company had stored — and later deleted — European data in China. TikTok informed the regulator about this in April 2025, citing a “technical issue” uncovered through its internal compliance initiative known as Project Clover.
A spokesperson for TikTok told AFP that there was no indication the data had been accessed, transferred externally, or viewed by unauthorized individuals. They added that the company had reported the issue transparently to the DPC.
Meanwhile, the platform remains under pressure in the United States. A law passed in 2024 requires ByteDance, TikTok’s parent company, to divest its U.S. operations or face a nationwide ban. President Donald Trump has twice postponed the deadline for the sale, with the latest cutoff set for June 19.
TikTok is also facing growing criticism over its powerful content algorithm, which critics say traps users in echo chambers and promotes misinformation, illegal, and harmful content. The app has already been banned temporarily or permanently in several countries, including Pakistan, Nepal, and in parts of France like New Caledonia.
Despite the backlash, TikTok maintains that its European user data is now primarily stored in secure locations in Ireland, Norway, and the U.S.
