The European Union’s chief privacy watchdog has fined TikTok, the enormously popular short-video platform, 530 million euros ($600 million). The Irish Data Protection Commissioner (DPC) issued the punishment on Friday, citing concerns about TikTok’s user information protection and directing the business to suspend data transfers to China within six months unless it improves its methods.
EU Privacy Watchdog Issues Hefty Fine Over Data Security
The Irish regulator, which oversees many major tech firms with European headquarters in Ireland, stated that TikTok, owned by the Chinese company ByteDance, failed to adequately demonstrate that its EU users’ personal data was protected to the same level as guaranteed by EU law. The DPC stated that some of this data can be accessed remotely by staff in China.
Specifically, the DPC found that TikTok did not adequately address the potential for Chinese authorities to access this data under China’s counter-espionage and other national security laws, which TikTok itself acknowledged as differing significantly from EU standards.
TikTok quickly replied to the verdict, expressing strong disagreement with the findings and announced plans to appeal. The corporation claimed that it has used EU-specific regulatory measures, especially standard contractual provisions, to provide tightly regulated and limited remote access to customer data.
Adding to the problem, the DPC revealed that, despite TikTok’s claims throughout the four-year investigation that it did not store EU user data on Chinese servers, the company admitted last month that a limited amount of such data was stored in China and has since been removed. Graham Doyle, DPC Deputy Commissioner, noted that the agency is taking these recent discoveries
“very seriously” and is “considering what further regulatory action may be warranted.”
Future of TikTok’s Data Transfers to China in Question
The DPC’s investigation, which commenced in September 2021, also revealed that TikTok’s privacy policy at the time did not explicitly name third countries, including China, where user data was being transferred.
The regulator found that the policy, which has since been updated, did not adequately explain that data processing involved “remote access to personal data stored in Singapore and the United States by personnel based in China.”
Grahn also emphasized that TikTok
“has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.”
She argued that TikTok strongly disagreed with the Irish regulator’s assertion that it did not conduct “necessary assessments” for data transfers, noting that the company sought advice from legal firms and experts.
Grahn suggested that TikTok was being “singled out” despite using the “same legal mechanisms” as thousands of other companies in Europe and that its approach is “in line” with EU rules.
The fine and the order to suspend data transfers mark a significant escalation in the regulatory scrutiny faced by TikTok in Europe, adding to the growing concerns among Western officials regarding the potential security risks associated with user data being sent to China.
The outcome of TikTok’s planned appeal will be closely watched by companies operating globally and navigating the complex landscape of international data privacy regulations.
Also Read: Meta Bets Big on Horizon Worlds
Conclusion
Europe fined TikTok a lot of money because they’re worried TikTok isn’t keeping European users’ info safe enough, especially with some people in China being able to see it. They’ve told TikTok to stop sending data to China unless they make big changes.
TikTok doesn’t agree and will fight it. This shows Europe is serious about protecting people’s privacy. It also makes other companies that handle data think about how they do it, especially when information goes to different countries. What happens next with TikTok’s case will be important.