Ireland fines TikTok €345 million for transferring personal data of Europeans to China

Dublin.- The Irish Data Protection Commission (DPC) reported this Friday that it has imposed a fine on TikTok of 530 million euros for the transfer of personal data of European users to China.

The DPC, the main sector regulator in the European Union (EU), stated today that the video platform provided incorrect information during this investigation, as it insisted that it did not store European data on servers in China.

The commission initiated this investigation in September 2021 to examine the legality of the transfers of personal data of users of the platform in the European Economic Area (EEA) to China.

In its conclusions, the DPC determined that TikTok infringed the community regulations included in the General Data Protection Regulation (GDPR).

According to the investigation, the platform did not "verify, guarantee, or demonstrate" that the personal data of users in Europe, which it accessed remotely from China, received the same level of protection equivalent to that provided in the EU space.

Consequently, in addition to imposing a fine, the DPC has ordered the Chinese technology company to adapt its data processing systems to community regulations within six months.

In the event of non-compliance with that schedule, TikTok, which has announced that it will appeal the decision, must suspend all data transfers to China, the commission added.

You may be interested in: Trump gives China another 75 days to disassociate ByteDance from TikTok

The Deputy Commissioner of the DPC, Graham Doyle, explained that the absence of "the necessary assessments" caused TikTok not to address the "possible access of the Chinese authorities" to personal data of the EEA, under the laws of that country on counter-terrorism, counter-espionage and others" that "differ substantially from EU rules".

Doyle underlined that the Irish regulator "is taking the recent events very seriously" regarding the storage of European users' data on servers in China.

"While TikTok has informed the DPC that the data has been deleted, we are considering what other regulatory measures could be taken, in consultation with our EU data protection counterparts," the commissioner added.