TikTok has been fined 530 million euros ($600 million) by the Republic of Ireland’s privacy regulator for breaching the European Union’s data protection rules.
The company, whose European headquarters are in Dublin, was also ordered by Ireland’s Data Protection Commission (DPC) to suspend data transfers to China if its processing is not fully compliant within six months.
The DPC said TikTok, owned by Beijing-based ByteDance, failed to show EU users’ personal data, some of which can be remotely accessed by staff in China, was given the high level of protection provided for under EU law.
Under the EU’s General Data Protection Regulation (GDPR), which also covers European Economic Area (EEA) member states Iceland, Liechtenstein, and Norway, the regulator can impose fines of up to 4 percent of its global revenue.
GDPR breaches are policed by local regulators in each country, and many big tech firms are based in Ireland, which offers tax breaks.
‘Potential Access by Chinese Authorities’
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards,” Doyle said.
TikTok, whose parent company, ByteDance, is based in China, has been under scrutiny in Europe and the United States over how it handles the personal information of its users.
Western officials fear it poses a security risk over user data sent to China.
“Obviously, I would say right now China is not exactly thrilled about signing it,” Trump said on April 9 in the Oval Office, when asked about the status of the TikTok deal amid the latest escalation in the U.S.–China trade war.
The future of TikTok in the United States has remained uncertain because of persistent national security concerns, particularly the Chinese communist regime’s ability to force the app’s Chinese parent company, ByteDance, to hand over the massive amount of data it collects on its users or manipulate the platform’s sophisticated algorithm to change public opinion.
These concerns stem in part from China’s 2017 National Intelligence Law, which obligates Chinese companies to cooperate with state intelligence operations when asked.
On Friday, TikTok said it planned to appeal against the DPC’s decision.
Christine Grahn, TikTok’s European head of public policy and government relations, said: “The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm.
“The decision fails to fully consider these considerable data security measures.”
