Ireland's Data Protection Commission (DPC) fined TikTok for allegedly transferring European users' data to China, in violation of the EU's General Data Protection Regulation (GDPR).
The DPC, TikTok's lead privacy watchdog in the European Union (EU), said on May 2 that TikTok violated GDPR by failing to "verify, ensure and justify" European users' data sent to China. The commission ordered the platform to comply within six months, or it would suspend the transfer of data to China.
TikTok building in Culver City, California, US, March 2023. Photo: AP/Damian DovarganesAccording to the DPC, the short video platform owned by the Chinese company ByteDance provided inaccurate information to the investigation. TikTok initially claimed it did not store user data from the European Economic Area (EEA), but later admitted it allowed a limited amount of European user data to be stored in China. Graham Doyle, deputy commissioner at the DPC, said the issue was serious and they were considering further regulatory action.
TikTok disagreed with the DPC's decision and plans to appeal. Christine Grahn, TikTok's director of public policy and government relations in Europe, said on May 2 that the decision did not take into account Project Clover, a €12 billion initiative to protect European user data.
"The decision focuses on a period from several years ago (September 2021 to May 2023), before the rollout of Clover in 2023, and does not reflect existing safeguards," Grahn said. She said TikTok had never received a request from the Chinese government for European user data, nor had it been handed over to them.
This is the second time the DPC has fined TikTok. According to Reuters, the short-video platform was fined 345 million euros in 2023 for violating privacy laws regarding the processing of personal data of children in the EU.
The safety of user data has long been a concern for many politicians. In 2022, an update to TikTok's privacy policy showed that employees in the countries where the platform operates - including China, Brazil, Canada, Israel - are allowed to access user data to ensure a "consistent, enjoyable and safe" experience.
Late last month, two tech giants Apple and Meta were also fined 500 million and 200 million euros by the European Commission (EC) for violating rules on fair competition and user choice. This is the first penalty imposed under the EU's Digital Markets Act (DMA) to ensure that tech companies comply with fair business practices.
(According to CNBC, Guardian, Reuters)