By Steven Andrews
TikTok has been fined €530 million ($601 million) by Ireland’s Data Protection Commission for breaching European Union privacy laws, marking one of the largest penalties ever issued under the bloc’s General Data Protection Regulation (GDPR).
The penalty follows a lengthy
investigation into how the Chinese-owned social media giant handled personal
data from users in the European Economic Area (EEA). Regulators concluded that
TikTok transferred users’ personal data to China without adequate safeguards
and failed to ensure the data was protected according to EU standards.
The ruling makes TikTok’s fine
the third-largest ever under the GDPR, behind only Amazon’s €746 million fine
in 2021 and Meta’s record €1.2 billion sanction earlier in 2023.
Data Transfers to China
In a statement released Friday,
DPC Deputy Commissioner Graham Doyle said TikTok’s parent company, ByteDance,
failed to demonstrate that data accessed by staff in China was granted a level
of protection “essentially equivalent” to what is required within the EU.
“TikTok’s personal data
transfers to China infringed the GDPR,” Doyle said. “The company failed to
verify, guarantee, and demonstrate that the personal data of EEA users was
appropriately protected.”
The commission also cited
TikTok’s failure to properly assess the risks of potential access by Chinese
authorities under that country’s anti-terrorism and counter-espionage laws.
TikTok Pushes Back
TikTok said it plans to appeal
the decision. In a statement, the company warned that the ruling could have
broader implications for global companies handling cross-border data.
“We respectfully disagree with
the decision, which we believe is based on a misinterpretation of the GDPR,” a
TikTok spokesperson said. “We have implemented extensive measures to protect
user data and will continue to do so.”
The company also emphasized its
recent efforts to localize data storage within Europe, including the opening of
new data centers in Ireland and Norway.
Global Scrutiny Grows
TikTok, which is owned by
Beijing-based ByteDance, has faced mounting scrutiny over its ties to China and
the potential for government access to user data. Lawmakers in the U.S., EU,
and several other countries have raised concerns about national security and
surveillance risks.
The latest decision from
Ireland’s privacy watchdog adds to the growing pressure on TikTok and other
global tech firms to comply with Europe’s strict privacy standards,
particularly when transferring data outside the bloc.
Under the GDPR, companies can
face fines of up to 4% of their annual global revenue for serious breaches.
This case underscores the
challenges multinational tech companies face as governments tighten rules
around cross-border data transfers in the name of digital sovereignty and user
protection.
Post a Comment