- TikTok was fined 530 million euros for illegally sending Europeans' data to China
- TikTok now has six months to bring its data processing into compliance or suspend any transfer to China
- TikTok rejected the decision of the EU data regulator and plans to appeal in full
The Irish Data Protection Commission (DPC), an EU data regulator, fined TikTok a total of 530 million euros (the equivalent of just over $600 million) for having sent Europeans' data to China, where its parent company, ByteDance, is based.
More specifically, TikTok was found in violation of two articles of the EU data protection law, the GDPR, for failing to fulfil its obligations concerning data transfers to China and transparency. The video streaming application now has six months to bring its data processing into compliance or suspend any transfer to China.
TikTok firmly rejected the data regulator's decision and plans to appeal in full.
TikTok vs the EU
As DPC Deputy Commissioner Graham Doyle stresses in an official statement, the GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries. This is something that TikTok seems to have failed to ensure.
“TikTok’s personal data transfers to China have broken the GDPR because TikTok has not checked, guaranteed and demonstrated that the personal data of EEA users, accessible remotely by staff in China, have received a level of protection essentially equivalent to that guaranteed within the EU,” said Doyle.
More specifically, the EU data watchdog found that TikTok had violated two GDPR articles: Article 46(1), which governs its transfers of user data from the EEA to China, and its transparency obligations under Article 13(1)(f). The DPC then issued two administrative fines of 485 million euros and 45 million euros, respectively.
This failure to meet the GDPR requirements, Doyle noted, meant that the video streaming platform did not address potential access by Chinese authorities to personal data under Chinese personal data, counter-espionage and other laws.
TikTok's problems may not end here, however.
TikTok was also guilty of giving the DPC erroneous information about where Europeans' data was stored. The company first gave assurances that the data was not stored on servers based in China. However, this claim was contradicted in April 2025, when TikTok admitted to having discovered in February 2025 some limited EEA user data on Chinese servers. The DPC should publish a decision on this issue in due course.
Commenting on this point, Doyle said: “Although TikTok has informed the DPC that the data has now been deleted, we plan that additional regulatory actions can be justified, in consultation with our EU data protection authorities.”
TikTok said it disagreed with the DPC decision and was ready to appeal against all of the accusations.
“The decision does not take into account Project Clover, our data security initiative of 12 billion euros which includes some of the strictest data protections around the world. It is rather concentrated on a period selected years ago, before the implementation of Clover in 2023 and does not reflect the guarantees and public relations for public relations for Europe, in an official declaration.
This is not, however, the first time that TikTok has been fined in Europe for breaking data protection law. In 2023, the DPC issued a fine of 345 million euros against TikTok for having violated children's privacy.