Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.advocacy > #689857

TikTok fined €530 million for sending European user data to China

Show all headers | View raw

What remains to be seen is whether Westerners will actually react to the 
news that TikTok is doing this with their date.

<https://www.bleepingcomputer.com/news/security/tiktok-fined-530-million-for-sending-european-user-data-to-china/>

The Irish Data Protection Commission (DPC) has fined TikTok €530 million 
(over $601 million) for illegally transferring the personal data of 
users in the European Economic Area (EEA) to China, violating the 
European Union's GDPR data protection regulations.

The administrative fines imposed by the Irish watchdog consist of a fine 
of €485 million for its infringement of Article 46(1) GDPR regarding the 
lawfulness of the data transfers to China and a fine of €45 million for 
its infringement of Article 13(1)(f) regarding the lack of transparency.

TikTok was also ordered to bring its data processing into compliance 
within six months, with the DPC planning to suspend all data transfers 
to China if the company fails to update its policies in time.

DPC officials pointed out that the issue goes beyond the location of the 
servers and is also about the risk that Chinese authorities could access 
the data of European users under domestic laws concerning terrorism and 
espionage, which contravene EU standards.

"TikTok's personal data transfers to China infringed the GDPR because 
TikTok failed to verify, guarantee and demonstrate that the personal 
data of EEA users, remotely accessed by staff in China, was afforded a 
level of protection essentially equivalent to that guaranteed within the 
EU," said DPC Deputy Commissioner Graham Doyle.

"As a result of TikTok's failure to undertake the necessary assessments, 
TikTok did not address potential access by Chinese authorities to EEA 
personal data under Chinese anti-terrorism, counter-espionage and other 
laws identified by TikTok as materially diverging from EU standards."

The DPC added that TikTok claimed during the investigation that it did 
not store users' data from the European Economic Area (EEA) on servers 
located in China.

However, in April 2025, TikTok revealed that it had discovered in 
February 2025 that some EEA user data had been stored on servers in 
China, contradicting the company's earlier statements.

"The DPC is taking these recent developments regarding the storage of 
EEA User Data on servers in China very seriously," Doyle said in a 
Friday statement. "Whilst TikTok has informed the DPC that the data has 
now been deleted, we are considering what further regulatory action may 
be warranted, in consultation with our peer EU Data Protection Authorities."

TikTok to appeal DPC's decision
However, Christine Grahn, TikTok's Head of Public Policy & Government 
Relations for Europe, said the company disagrees with the DPC's decision 
and that it's planning to appeal it because it fails to consider 
TikTok's new Project Clover data security initiative.

"Under Project Clover, TikTok has implemented advanced privacy-enhancing 
technologies (PETs), such as encryption-on-access and differential 
privacy, to ensure that non-restricted data is de-identified before it 
can be accessed by employees in China," Grahn said. "Crucially, 
independent cybersecurity experts at NCC Group have verified that these 
safeguards are working as intended."

This is the third-largest fine imposed by the Irish data protection 
authority so far, after sanctioning Amazon with 746 million euros for 
its targeted behavioral advertising practices and Facebook with 1.2 
billion euros for transferring data of EU-based users to the United States.

Previously, TikTok was slapped with a €345 million ($368 million) fine 
by the DPC for violating the privacy of children while processing their 
data and employing "dark patterns" during the registration process and 
while posting videos, nudging users toward selecting options that 
compromised their privacy.

In January 2023, TikTok was also fined €5 million ($5.4 million) by 
France's data protection authority (CNIL) for failing to adequately 
inform users about its cookie usage and making it challenging to opt-out.

-- 
God be with you,

CrudeSausage
KDE & LibreOffice supporter
John 14:6

Back to comp.os.linux.advocacy | Previous | Next | Find similar | Unroll thread

Thread

TikTok fined €530 million for sending European user data to China CrudeSausage <crude@sausa.ge> - 2025-05-02 09:19 -0400

csiph-web