TikTok faces a €530 million EU record fine over data concerns

TikTok has been handed a €530 million ($600 million) fine by Ireland’s Data Protection Commissioner (DPC) over data privacy violations involving user information transfers to China.

The EU privacy watchdog highlighted that TikTok failed to ensure that the EU citizens’ data received sufficient protection against potential access by Chinese authorities, raising concerns among EU lawmakers.

The regulator has also set a tight six-month deadline for TikTok to align its data practices with the EU standards. If the platform cannot demonstrate compliance, particularly in safeguarding the EU user information from being accessed remotely by China-based employees, it could face a suspension of data transfers entirely.

TikTok strongly opposes the ruling, asserting it has consistently adhered to EU-approved frameworks that restrict and monitor data access. The platform also highlighted recent security enhancements, including dedicated EU and US data centres, as proof of its commitment.

TikTok claims it has never received or complied with any request for the EU user data from Chinese authorities, framing the ruling as an overly strict measure that could disrupt broader industry practices.

However, the regulator revealed new concerns following TikTok’s recent disclosure that some EU user data had been inadvertently stored on servers in China, although subsequently deleted.

The revelation prompted Ireland’s privacy watchdog to consider additional regulatory actions, underscoring its serious concerns about TikTok’s overall transparency of data handling.

The case represents the second major privacy reprimand against TikTok in recent years, following a €345 million fine in 2023 over mishandling children’s data. It also marks the DPC’s pattern of taking tough actions against global tech companies headquartered in Ireland, as it aims to enforce compliance strictly under the EU’s rigorous General Data Protection Regulation (GDPR) .