TikTok slapped with €530M fine in EU over data protection
What's the story
TikTok has been slapped with a hefty €530 million fine by the main privacy regulator in the European Union (EU).
The penalty comes over concerns about the company's handling of user data.
The EU's lead regulator, Ireland's Data Protection Commissioner (DPC), said TikTok failed to show adequate protection for the personal data of EU users.
However, TikTok has contested the ruling and plans to appeal it.
Data concerns
Data protection measures under scrutiny
The DPC emphasized that some personal data of EU users is accessed remotely by staff in China.
The regulator said, "The short-video platform did not address potential access by Chinese authorities to the data under counter-espionage and other laws identified by TikTok as materially diverging from EU standards."
In its defense, TikTok claimed it has employed the EU's own legal framework for granting limited remote access and has adopted stricter data security measures since 2023.
Storage issues
TikTok's stored EU user data on China-based servers
The DPC also objected to TikTok's data storage practices.
The regulator found that while the company had consistently claimed it didn't store EU user data on China-based servers during a four-year inquiry, it revealed last month that a small amount was stored there and has since been deleted.
"The DPC is taking these recent developments very seriously," said DPC Deputy Commissioner Graham Doyle. "We are considering what further regulatory action may be warranted," he added.
Company statement
TikTok's response to EU ruling
In its defense, TikTok said the decision doesn't fully consider data security measures taken in 2023.
These measures independently monitor remote access and ensure EU user data is stored in dedicated data centers in Europe and the US.
The company also stressed it has never received or provided any requests for EU user data from Chinese authorities.
Regulatory history
Previous fines and future implications
This isn't the first time TikTok has been penalized by the DPC. In 2023, it was fined €345 million for privacy law violations for processing children's personal data in the EU.
The DPC has also penalized other tech giants like Microsoft, X, and Meta since being granted sanctioning powers in 2018.
Under the EU's General Data Protection Regulation (GDPR), lead regulators can impose fines up to 4% of a company's global revenue.