Ireland’s Data Protection Commission has imposed a substantial €530 million fine on social media giant TikTok for violating European privacy regulations by transferring EU users’ personal information to China without adequate safeguards.
The penalty follows an investigation that revealed TikTok staff at the company’s global headquarters in China could remotely access European users’ data, failing to meet the stringent data protection standards required by the General Data Protection Regulation (GDPR).
DPC Deputy Commissioner Graham Doyle emphasized that TikTok failed to “verify, guarantee and demonstrate” that European users’ personal information would receive equivalent protection when accessed from China, particularly regarding potential access by Chinese authorities under local security laws that “materially diverge from EU standards.”
The ruling requires TikTok to bring its data processing practices into compliance within six months or face a suspension of all data transfers to China. The commission also revealed that TikTok had provided “erroneous information” during the investigation, initially claiming it did not store European user data on Chinese servers before acknowledging in February that “limited” user data had indeed been stored in China.
While the €530 million penalty ranks among the largest GDPR fines issued to date, it falls short of previous record-breaking penalties against other tech giants, including Meta’s €1.2 billion fine and Amazon’s €746 million sanction.
TikTok now joins a growing list of major technology companies facing significant financial consequences for failing to comply with Europe’s stringent data protection framework.