TikTok has been fined €530 million by the European Union for transferring personal data of European users to China and failing to ensure it was protected from access by Chinese authorities. The social media platform, which is owned by China’s ByteDance, said it plans to appeal the decision, denying any data was ever shared with the Chinese government.
The Irish Data Protection Commission (DPC), which led the investigation due to TikTok’s European headquarters being located in Ireland, accused the platform of violating the EU’s General Data Protection Regulation (GDPR). According to the DPC, TikTok admitted during the probe that it had hosted European data in China—contrary to previous public denials.
Graham Doyle, the DPC’s deputy commissioner, said TikTok had “failed to verify, guarantee and demonstrate” that the data accessed remotely by Chinese staff was protected to EU standards. He added that the company did not adequately consider or address the risks posed by Chinese national security laws that allow broad access to private data.
The fine is the second-largest ever imposed by the EU under GDPR and includes an order requiring the app to bring its data processing activities into compliance within six months. Should it fail to do so, data transfers to China will be suspended. A portion of the fine—€45 million—was issued due to TikTok’s lack of transparency between 2020 and 2022, when users were not informed that their data could be accessed from China.
TikTok, which has 1.5 billion users globally, continues to deny any wrongdoing. Christine Grahn, speaking for TikTok Europe, stated, “We have never provided European user data to the Chinese government,” and reiterated the company’s intention to appeal the ruling.
The company has previously promoted its €12 billion “Project Clover” initiative to bolster European data security, stating that all sensitive data is stored in Norway, Ireland, and the US. However, the DPC revealed that TikTok disclosed in April that some European data had been stored—and then deleted—in China, contradicting earlier claims. The social media platform attributed this to a “technical issue” and maintained it promptly notified the regulator.
The decision is likely to intensify scrutiny in the United States, where TikTok is also under pressure. In 2024, US lawmakers passed a law requiring ByteDance to sell its American operations or face a ban. President Donald Trump has twice extended the deadline for the sale, which now expires on June 19.
Beyond the data privacy issues, TikTok faces broader criticisms over its recommendation algorithms, which are said to foster misinformation and inappropriate content. The platform has already faced bans in various countries, including Pakistan, Nepal, and France’s overseas territory of New Caledonia.
