The European Union’s privacy watchdog has hit TikTok’s parent company, ByteDance, with a massive €530 million (around ₹5,000 crore) fine for violating data protection rules. The fine was imposed by Ireland’s Data Protection Commission (DPC), which oversees GDPR compliance for TikTok, as its European headquarters is based in Dublin.
The regulator found that TikTok had transferred data of users from the European Economic Area (EEA) to servers in China without ensuring that the information was adequately safeguarded from potential access by Chinese authorities. The fine is one of the largest ever issued under the EU’s strict privacy laws.
According to the DPC, this breach occurred between 2020 and 2022, during which TikTok failed to inform users that their personal data was being transferred outside of Europe. While TikTok updated its privacy policy in 2022 to address transparency concerns, the earlier lapse resulted in two separate fines: €45 million for lack of transparency and €485 million for unlawful cross-border data transfers.
Although TikTok previously claimed that it did not store European user data in China, it later admitted that limited user data had, in fact, been saved on servers in the country. This admission contradicted earlier statements made to regulators, leading to a stronger response from the DPC.
In response, TikTok stated that the data in question had since been deleted and disagreed with the ruling, vowing to challenge it in court. The company also highlighted its ongoing “Project Clover” initiative, aimed at enhancing data privacy through local data centers in Europe. However, the DPC noted that its decision accounted for these developments but was based on violations committed before the project’s implementation.
This isn’t TikTok’s first run-in with the EU’s privacy authorities. In 2023, the DPC fined the platform approximately ₹3,000 crore for failing to protect teenage users’ data. The company is also facing additional investigations in the EU concerning user safety, addictive content algorithms, and potential interference with elections.
The latest penalty once again brings global focus to the growing concerns around data privacy and cross-border data flows, a topic of increasing relevance to Indian policymakers as well, as India continues to refine its own digital data protection framework.
Source: Engadget
