Officials in the European Union have slapped TikTok with a massive fine after the social media platform was caught sending user data to Communist China.
The Irish Data Protection Commission (DPC) slapped a $600 million fine on TikTok for violating the EU’s General Data Protection Regulation (GDPR).
The Verge reports that in a landmark ruling, the DPC found that TikTok breached GDPR by transferring European users’ data to servers in China.
The discovery raises significant concerns about data privacy and security.
TikTok failed to ensure that data transferred to China would be protected to a standard equivalent to that required by the EU, the DPC’s investigation revealed.
The court specifically highlighted China’s anti-terrorism and counterespionage laws as potential risks.
The laws could allow the Chinese Communist Party to access the personal information of European users.
The massive fine comprises two parts.
TikTok received a €485 million ($503M) fine for sending the data to China.
In addition, the DPC issued another €45 million ($50.9M) for TikTok’s inadequate privacy policy.
The privacy policy had failed to sufficiently explain the data transfers, the investigation found.
Despite TikTok’s recent efforts to update its privacy policy in 2022, which the court deemed “compliant,” and its promise to invest $13.6 billion in data centers within the EU, the court remained unconvinced.
Throughout the inquiry, TikTok maintained that user data was only remotely accessed from China and not stored on servers there.
However, last month, the company informed the court that it had discovered “limited” European data had indeed been stored in China and had since been deleted.
This revelation prompted DPC deputy commissioner Graham Doyle to warn that “further regulatory action” may be necessary to address this additional breach.
The $600 million fine marks the third-largest GDPR penalty to date.
It was surpassed only by fines imposed on Meta and Amazon.
This is not the first time TikTok, which has its European headquarters in Ireland, has faced a significant GDPR penalty from the Irish court.
In 2023, the company was ordered to pay $367 million for its handling of children’s data.
The ruling comes at a time when TikTok’s American business remains in a state of uncertainty.
The video-streaming platform was banned in the U.S. due to concerns over its data security and potential control by Chinese authorities.
TikTok’s Chinese owner, ByteDance, must now find a U.S. buyer to continue operating.
President Donald Trump signed a second 75-day pause on the ban last month.
It came as Trump’s ongoing trade war with China appears to have hindered efforts to negotiate a sale of the app’s US arm with ByteDance.
