The Irish Data Protection Commission has slapped TikTok with a hefty fine of €530 million ($600 million) following a comprehensive four-year investigation. The inquiry concluded that the popular video-sharing app violated stringent EU data privacy rules by transferring European users' personal data to China, reports AP/ UNB.
Ireland, serving as TikTok’s lead regulator in the European Union (EU), found that the company failed to provide adequate transparency regarding the storage and movement of user data. The watchdog also emphasized that TikTok did not guarantee that the personal data of European users, remotely accessed by staff in China, met the high protection standards enforced within the EU.
Deputy Commissioner Graham Doyle highlighted that TikTok's operations raised serious concerns about user data protection, stating: “TikTok failed to verify, guarantee, and demonstrate that the personal data of (European) users was afforded a level of protection essentially equivalent to that guaranteed within the EU.”
In response, TikTok expressed disagreement with the decision and announced plans to appeal the ruling. The company argued that the fine pertains to a specific period, ending May 2023, before it began implementing its Project Clover initiative. This project, aimed at improving data security, involves the establishment of three data centers across Europe and is designed to localize and protect user data under EU standards.
Christine Grahn, TikTok’s European head of public policy and government relations, defended the company’s actions, saying: “Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm. The decision fails to fully consider these considerable data security measures.”
However, the Irish watchdog's investigation raised concerns that TikTok’s data handling practices violated the General Data Protection Regulation (GDPR), particularly in terms of data access by Chinese authorities. EU laws stipulate that personal data can only be transferred outside the bloc if adequate safeguards are in place to protect it. The watchdog concluded that Chinese laws on anti-terrorism, counter-espionage, and national intelligence diverged significantly from EU standards, raising the risk of unauthorized access to personal data.
Grahn emphasized that TikTok has never received or provided European user data to the Chinese authorities. Despite these claims, the company’s growing scrutiny in Europe underscores the rising concern among Western officials about how TikTok’s parent company, ByteDance, manages personal data amid ongoing tensions over data security.
This is not TikTok’s first encounter with regulatory action in Europe. In 2023, the Irish watchdog fined the company again in a separate investigation focused on child privacy, underscoring the mounting challenges TikTok faces in the region.
Bd-pratidin English/ Jisan
