TikTok fined 530 million euros by EU regulator over data protection

Technology
TikTok fined 530 million euros by EU regulator over data protection
DUBLIN (Reuters) - TikTok was fined 530 million euros ($600 million) by its lead EU privacy regulator on Friday over concerns about how it protects user information and was ordered to suspend data transfers to China if its processing is not brought into compliance within six months.
Ireland's Data Protection Commissioner (DPC) said TikTok, owned by China's ByteDance, failed to show that EU users' data, some of which is remotely accessed by staff in China, was afforded the high level of protection provided for under EU law.
As a result, the short-video platform did not address potential access by Chinese authorities to the data under counter-espionage and other laws identified by TikTok as materially diverging from EU standards, the DPC said in a statement.
TikTok said it strongly contested the finding and that it has used the EU's legal framework, specifically so-called standard contractual clauses, to grant tightly controlled and limited remote access. It plans to appeal the ruling.
It also said the decision fails to fully consider data security measures first rolled out in 2023 that independently monitor remote access and ensure EU user data is stored in dedicated data centres in Europe and the United States.
TikTok, which has grown rapidly among teenagers worldwide in recent years and has 175 million users across Europe, added that it has never received a request for EU user data from the Chinese authorities, and has never provided data to them.
"This ruling risks setting a precedent with far-reaching consequences for companies and entire industries across Europe that operate on a global scale," TikTok said in a statement.
The DPC also found that while TikTok said throughout the four-year inquiry that it did not store EU user data on servers in China, it disclosed last month that it discovered in February that a limited amount was stored in China and has since deleted.
"The DPC is taking these recent developments very seriously. We are considering what further regulatory action may be warranted," DPC Deputy Commissioner Graham Doyle said.
In the Kenyan village of Kamathatha, farmer-turned-seed advocate Martha Njenga is teaching fellow villagers traditional seed preservation methods – empowering them to save and replant seeds season after season.
It is the second time TikTok has been reprimanded by the DPC. It was fined 345 million euros in 2023 for breaching privacy laws regarding the processing of children's data in the EU.
Under the EU's General Data Protection Regulation (GDPR), which also covers European Economic Area member states Iceland, Liechtenstein, and Norway, the lead regulator for any given company can impose fines of up to 4% of its global revenue.