TikTok is once again in hot water with European regulators—this time to the tune of €530 million. At the heart of the issue is the platform’s handling of user data, specifically whether it did enough to keep that data out of reach of Chinese authorities. While TikTok insists it’s made sweeping changes to its data practices, regulators aren’t convinced—and the fine marks one of the largest penalties ever issued under EU data protection rules.
Amazon co-founder MacKenzie Scott has donated over $19 billion to charity in just five years
Diamond batteries powered by nuclear waste promise 28,000 years of clean energy
Irish Regulators Say TikTok Failed to Shield European Data
The penalty was handed down by Ireland’s Data Protection Commission (IDPC), the EU’s lead regulator for TikTok, whose parent company ByteDance is based in China. According to the IDPC, TikTok failed to implement sufficient safeguards to prevent its Chinese employees from accessing European user data—a potential violation of the General Data Protection Regulation (GDPR).
Deputy Commissioner Graham Doyle summed it up: “The GDPR requires that the strong protections guaranteed within the EU must continue even when personal data is transferred to other countries.” The Commission emphasized that while it found no evidence of actual misuse by Chinese authorities, TikTok hadn’t done enough to prevent that risk in the first place.
The company now has six months to fully comply with EU law or face the possibility of being forced to halt all data transfers to China.
Security Concerns Grow Over Chinese Surveillance Laws
European scrutiny of TikTok is largely fueled by China’s sweeping intelligence and cybersecurity laws, which compel local companies to share data with the government upon request. Although TikTok has long argued that it operates independently of the Chinese state, regulators are uneasy about the possibility that sensitive user information could fall into the wrong hands.
This isn’t TikTok’s first brush with GDPR trouble. It was previously fined in 2022 over how it handled children’s data. Now, with geopolitical tensions rising and digital sovereignty top of mind, regulators appear less willing to accept promises and more focused on results.
TikTok Responds: “We’ve Already Changed”
TikTok has announced it will appeal the decision, calling it outdated. In a statement, the company said the ruling “largely relates to past practices” and predates its 2023 Project Clover initiative—a massive €12 billion overhaul of its data infrastructure in Europe.
Under Project Clover, TikTok has been building new data centers in the EU and working with British cybersecurity firm NCC Group to audit data flows and restrict access from overseas. TikTok claims that these proactive steps are already delivering results.
NASA warns China could slow Earth’s rotation with one simple move
This dog endured 27 hours of labor and gave birth to a record-breaking number of puppies
One example: earlier this year, the company discovered that some European user data had accidentally been stored on Chinese servers. TikTok says this was swiftly identified and corrected thanks to Clover’s surveillance tools. “It was a technical issue, caught by our own monitoring systems, and the data was promptly deleted,” the company stated.
One of the Largest GDPR Fines Ever Issued
The €530 million fine is the third-largest GDPR penalty ever imposed. Meta still holds the record, having been fined €1.2 billion in 2023 over its refusal to halt data transfers to the U.S. Amazon ranks second with a €746 million fine issued in 2021.
For TikTok, the case underscores how high the stakes have become for tech companies operating globally. With EU regulators watching more closely than ever, especially when it comes to cross-border data transfers, even a platform with millions of loyal users can’t afford to get complacent.
As Europe sharpens its digital rules and the global tech landscape grows ever more fragmented, TikTok’s next moves will be watched just as closely as its videos.