European Union (EU) fined the Chinese video-sharing platform TikTok $600 million on Friday over a breach of data privacy law. The regulator said that the Chinese company had improperly transferred European users’ personal data to China and failed to put adequate data protection measures in place. The decision comes after a four-year-long probe into TikTok’s handling of European users' data.
The Irish Data Protection Commission, which announced the penalty, said TikTok would be given six months' time to suspend data transfers to China if it fails to meet certain requirements.
“TikTok failed to verify, guarantee, and demonstrate that the personal data of European users, accessed remotely by staff in China, received a level of protection essentially equivalent to that guaranteed within the EU,” said Ireland’s Deputy Commissioner Graham Doyle, according to Reuters.
TikTok’s Reaction
Beijing-headquartered TikTok, however, refuted the allegation and said in a statement that it adheres to all EU laws. It has reportedly also planned to appeal against the Irish Commission’s decision. The company criticised the commission for focusing its probe on a “select period” ending in May 2023, prior to its data localisation initiative “Project Clover”.
“Have never provided European user data to them [China]...This ruling risks setting a precedent with far-reaching consequences for companies and entire industries across Europe that operate on a global scale,” said the company.
TikTok EU Case Background
EU initiated an investigation in September 2021 and based on certain findings that TikTok’s way of dealing with personal data was not transparent and the company had failed to inform the EU that people sitting in China could access data stored in Singapore and the US. Back in that time, TikTok’s privacy policy didn’t clearly mention China or any other third countries as destinations for user data storage. This gap in policy breached the European Union’s data privacy rules.