TikTok has been hit with a $600 million fine by the European Union’s lead privacy regulator after a four-year probe found the company’s data transfers to China violated EU data protection rules.
The Irish Data Protection Commission, which oversees TikTok due to its European base in Dublin, said the company failed to ensure that data accessed by Chinese staff had safeguards “essentially equivalent” to EU standards.
“TikTok failed to verify, guarantee, and demonstrate adequate protection,” said Deputy Commissioner Graham Doyle.
The watchdog also criticized TikTok for not clearly informing users that their data might be remotely accessed from China, Singapore, and the U.S., and gave the company six months to comply with EU rules. TikTok responded by saying it disagreed with the findings and would appeal, arguing that the investigation focused on a “select period” before its Project Clover initiative, which includes three European data centers.
Christine Grahn, TikTok’s European head of public policy, said Project Clover has “some of the most stringent data protections anywhere in the industry.” She added that TikTok “has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.”
Still, the Irish regulator accused TikTok of giving inaccurate information, only admitting in April that it had discovered in February that some data had indeed been stored on Chinese servers.
“We are considering what further regulatory action may be warranted,” Doyle said.
