ByteDance’s TikTok has been fined €530 million ($600 million) by the European Union for illegally transferring user data to China, a violation of the bloc’s stringent privacy regulations.
The fine was imposed by Ireland’s Data Protection Commission (DPC), the lead EU regulator for TikTok due to the company’s headquarters in Dublin.
The DPC found that TikTok violated General Data Protection Regulation (GDPR) guidelines and has been ordered to cease all unauthorized data transfers within six months.
TikTok admitted in April that European user data was stored on servers in China, contradicting earlier statements made during the investigation.
The DPC also criticized TikTok for failing to adequately protect user data from potential access by Chinese authorities under national security laws in Beijing.
“TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards,” said Deputy Commissioner at the DPC, Graham Doyle.
In response, TikTok said it will appeal the decision in full, maintaining that it has never received a data request from Chinese authorities, nor provided any European user data to them.
