The EU’s top privacy regulator has fined TikTok €530 million after a four-year investigation found it breached privacy rules by transferring user data to China. About this informs APNews.
TikTok’s main regulator in the European Union, the Irish Data Protection Commission, has accused the platform of a lack of transparency about exactly where user data is being transferred. Companies were given six months to bring their activities into compliance with the law.
“TikTok has failed to confirm and guarantee that the data of EU users accessed remotely by employees in China is protected to EU standards,” Deputy Commissioner Graham Doyle said.
The company announced its intention to appeal the decision. TikTok’s blog states that the fine applies to the period until May 2023, before the launch of the Project Clover initiative, which includes the creation of three data centers in Europe.
“Project Clover provides some of the strictest data protection measures in the industry with independent oversight by NCC Group”,” explained Christine Grahn, head of public policy for TikTok in Europe.
TikTok, which is owned by Chinese holding company ByteDance, has repeatedly come under fire from Western governments over concerns about data leaks to China. Previously, she was already fined in the EU, in particular, due to violations in the field of protection of children’s personal data. The Irish regulator emphasized that TikTok did not take into account “possible access by the Chinese authorities” to user data under China’s national laws, which differ significantly from the norms established in the EU.
The investigation also found that, at the time of review, TikTok’s privacy policy did not specify which countries user data was being transferred to, nor did it explain that the processing involved remote access from China.
