Skip to content
Technology2025general-newsBruisingTiktokRegulatoryTransferringPolitics

TikTok penalized by Irish authorities due to illicit data transmissions to China

Video-platform firm disputes accusations, announcing intentions to challenge over €500 million fine imposed by Data Protection Authority.

 and  Administrator
4 min read
Video-sharing platform vehemently disputes allegations of wrongdoing, announcing its intention to...
Video-sharing platform vehemently disputes allegations of wrongdoing, announcing its intention to challenge the over €500 million fine imposed by the Data Protection Authority.

TikTok penalized by Irish authorities due to illicit data transmissions to China

Title: TikTok Fined Half a Billion Euros for Transferring European User Data to China

Published: 06 May 2025

In a brutal blow to TikTok, Ireland's Data Protection Commission (DPC) slaps the video-sharing giant with a staggering EUR 530 million fine, accusing the company of unlawfully shifting European user data to China.

This latest regulatory action against TikTok, bound to be far from the last, is a hefty setback for the Singapore-based short-form video-sharing platform. The multimillion-euro penalty is the most significant ever issued under the European Union's General Data Protection Regulation (GDPR), adding to the long list of allegations against TikTok, which has been constantly accused of exploiting cross-border data flows for the benefit of the Chinese government.

The fine is the second such penalty levied on TikTok by the DPC within barely a year and a half, following a September 2023 order to pay EUR 345 million for inadequately securing children's data. This fine dwarfs the EUR 10 million penalty handed out by the Italian competition regulator in March 2024 and the GBP 12.7 million penalty imposed by the UK Information Commissioner's Office in April 2023 for mishandling children's data under the age of 13.

THE DPC PROBE

The recent fine follows the DPC's determination that TikTok breached GDPR guidelines in two ways. First, by failing to protect data transferred to China from being accessed by Chinese state authorities and, second, the platform's failure to notify users that such data transfers were taking place between 2020 and 2022.

In its findings, the commission stated that TikTok had not properly evaluated the risks associated with transferring European data to a jurisdiction under China's surveillance laws. These laws, as acknowledged by TikTok during the inquiry, significantly differ from EU standards and grant the Chinese government extensive powers to demand access to corporate data. The DPC concluded that the company's insufficient assessment of these legal risks represented a serious GDPR infringement.

Over half of the fine, EUR 485 million, pertains specifically to the unauthorized transfer of personal data to China, while EUR 45 million was imposed for falling short on transparency standards in TikTok's privacy policy. Although TikTok updated its privacy policy in 2022 and is now deemed compliant by the DPC, the earlier lapses exposed millions of users to potential privacy violations.

TikTok has long maintained that it does not store European or US user data on servers located in China. However, in April, the company revealed, following a February review, that "limited EEA [European Economic Area] user data" had, in fact, been stored in China.

REACTION

Commenting on the investigation, DPC Deputy Commissioner Graham Doyle wrote: "The GDPR dictates that the high level of protection provided within the European Union continues where personal data is transferred to other countries."

"TikTok's personal data transfers to China violated the GDPR because TikTok failed to verify, guarantee, and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Mr. Doyle went on to say, adding that the company had not addressed potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage, and other laws identified by TikTok as materially diverging from EU standards.

TikTok has been given six months to align its data processing protocols fully with EU rules or risk the suspension of all data transfers to China.

The company plans to appeal the decision. TikTok's head of public policy and government relations for Europe, Christine Grahn, stated: "Beyond the DPC's failure to substantively consider the extensive safeguards [implemented by TikTok], we are disappointed to have been singled out despite relying on the same legal mechanism employed by thousands of other companies providing services in Europe."

Ms. Grahn further highlighted that TikTok had "never received a request for European user data from the Chinese authorities, and has never provided European user data to them." Warning of potential consequences, she added that the ruling could "set a precedent with far-reaching consequences for companies and entire industries across Europe that operate on a global scale," stating that it "delivers a blow to the European Union's competitiveness."

IN THE US

TikTok's legal and regulatory struggles are far from limited to Europe. In April 2024, President Biden signed the Protecting Americans from Foreign Adversary Controlled Applications Act, requiring ByteDance, TikTok's parent company, to divest its US operations by 19 January 2025, or face a nationwide ban. TikTok contested the law, arguing that it infringed upon First Amendment rights, and the US Supreme Court upheld the legislation in January 2025, affirming Congress's authority to address national security threats. However, shortly after taking office, President Trump extended the deadline for divestiture until June this year, and in a 4 May interview with NBC News, the president suggested that the June deadline could be extended again, stating, "Perhaps I shouldn't say this, but I have a little warm spot in my heart for TikTok. TikTok is... it's very interesting, but it'll be protected. It'll be very strongly protected. But if it needs an extension, I would be willing to give it an extension. Might not need it."

  1. Despite TikTok's denial, it was revealed in April that limited European Economic Area (EEA) user data had been stored in China, triggering concerns about data security and transferring.
  2. The European Union's General Data Protection Regulation (GDPR) policy and legislation have been enforced against TikTok, resulting in a record-breaking half a billion euros fine in 2025 for unauthorized data transfer to China.
  3. TikTok's refusal to comply with the European Union's strict data-and-cloud-computing regulations could lead to the suspension of all data transfers to China, causing potential bruising to the company's political and economic standing in the region.
  4. TikTok's legal challenges aren't limited to Europe; in the US, the company faces regulations under the Protecting Americans from Foreign Adversary Controlled Applications Act, which could result in the divestiture of its US operations by 2025.
  5. The ongoing political and regulatory battles surrounding TikTok in both Europe and the US highlight the complexity of technology policy and the need for strong oversight in the era of data-and-cloud-computing.

Read also:

    Related

    Latest