TikTok fined €530 million for sending European user data to China

The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection regulations. "TikTok's personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," said DPC Deputy Commissioner Graham Doyle. Previously, TikTok was slapped with a €345 million ($368 million) fine by the DPC for violating the privacy of children while processing their data and employing "dark patterns" during the registration process and while posting videos, nudging users toward selecting options that compromised their privacy. In January 2023, TikTok was also fined €5 million ($5.4 million) by France's data protection authority (CNIL) for failing to adequately inform users about its cookie usage and making it challenging to opt-out. The administrative fines imposed by the Irish watchdog consist of a fine of €485 million for its infringement of Article 46(1) GDPR regarding the lawfulness of the data transfers to China and a fine of €45 million for its infringement of Article 13(1)(f) regarding the lack of transparency. The DPC added that TikTok claimed during the investigation that it did not store users' data from the European Economic Area (EEA) on servers located in China. This is the third-largest fine imposed by the Irish data protection authority so far, after sanctioning Amazon with 746 million euros for its targeted behavioral advertising practices and Facebook with 1.2 billion euros for transferring data of EU-based users to the United States. "Under Project Clover, TikTok has implemented advanced privacy-enhancing technologies (PETs), such as encryption-on-access and differential privacy, to ensure that non-restricted data is de-identified before it can be accessed by employees in China," Grahn said. TikTok was also ordered to bring its data processing into compliance within six months, with the DPC planning to suspend all data transfers to China if the company fails to update its policies in time. However, in April 2025, TikTok revealed that it had discovered in February 2025 that some EEA user data had been stored on servers in China, contradicting the company's earlier statements. However, Christine Grahn, TikTok's Head of Public Policy & Government Relations for Europe, said the company disagrees with the DPC's decision and that it's planning to appeal it because it fails to consider TikTok's new Project Clover data security initiative. DPC officials pointed out that the issue goes beyond the location of the servers and is also about the risk that Chinese authorities could access the data of European users under domestic laws concerning terrorism and espionage, which contravene EU standards.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 02 May 2025 12:15:11 +0000


Cyber News related to TikTok fined €530 million for sending European user data to China

TikTok fined €530 million for sending European user data to China - The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of users in the European Economic Area (EEA) to China, violating the European Union's GDPR data protection ...
4 weeks ago Bleepingcomputer.com
Is TikTok Safe for Kids? - As the TikTok craze continues to spread worldwide, many parents wonder about the safety implications of the app their kids can't get enough of, particularly if their kids are on the younger side. TikTok features mature user content that may require ...
1 year ago Pandasecurity.com
TikTok bans explained: Everything you need to know - A proposal to ban TikTok in the U.S. has garnered bipartisan support and raised bigger questions about data access laws. TikTok has proposed a plan - Project Texas - to move all U.S. data to the United States to allay privacy and security concerns. ...
1 year ago Techtarget.com
5 Questions to Ask Before Backing the TikTok Ban - With strong bipartisan support, the U.S. House voted 352 to 65 to pass HR 7521 this week, a bill that would ban TikTok nationwide if its Chinese owner doesn't sell the popular video app. The TikTok bill's future in the U.S. Senate isn't yet clear, ...
1 year ago Eff.org
Montana Loses in US Court - States can't just ban apps, says federal judge. The judge ruled the state can't stop app stores offering an app. How would you even enforce a statewide ban? In today's SB Blogwatch, we ponder the great firewall of Montana. "Paternalistic ...
1 year ago Securityboulevard.com
EU Opens Official Probe of TikTok Over Content, Minors, Privacy - The European Commission is once again turning its attention to TikTok, announcing a wide-ranging investigation into the China-based social media site over concerns about the addictive nature of its site and content, possible harm to minors, and data ...
1 year ago Securityboulevard.com
European firms urge China to give more clarity on data transfer laws - AP Moeller - Maersk A/S Siemens AG BEIJING, Nov 15 - European firms "Urgently" need China to give clearer definitions of key terms in its cross-border data transfer rules, a European business lobby group said on Wednesday, warning firms also stood to ...
1 year ago Reuters.com
EFF Urges Ninth Circuit to Hold Montana's TikTok Ban Unconstitutional - Montana's TikTok ban violates the First Amendment, EFF and others told the Ninth Circuit Court of Appeals in a friend-of-the-court brief and urged the court to affirm a trial court's holding from December 2023 to that effect. Montana's ban prohibits ...
1 year ago Eff.org
ByteDance CEO and EFF are BFFs - Shou Zi Chew plays for time, while Electronic Frontier Foundation says TikTok-kill bill is DOA. As the House bill to force ByteDance to divest TikTok gains momentum, the EFF weighs in against it. In a nutshell, the foundation's argument is: We need ...
1 year ago Securityboulevard.com
Congress Should Give Up on Unconstitutional TikTok Bans - TAKE ACTION. TELL CONGRESS: DON'T BAN TIKTOK. As a first step, H.R. 7521 would force TikTok to find a new owner that is not based in a foreign adversarial country within the next 180 days or be banned until it does so. If deemed a national security ...
1 year ago Eff.org
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
7 months ago Aws.amazon.com
TikTok's Security Threats Go Beyond the Scope of House Legislation - March 13, 2024 - In Breaking News - The New York Times In a capital where Republicans and Democrats agree on virtually nothing, it was notable when the House overwhelmingly declared on Wednesday that TikTok poses such a grave risk to national ...
1 year ago Americansecuritytoday.com
EU Launches Investigation Into TikTok Over Privacy Concerns - The EU has opened an investigation into TikTok over concerns around the protection of minors, advertising policy and privacy. The European Commission announced on February 19 that it was opening formal proceedings to assess whether the social media ...
1 year ago Infosecurity-magazine.com
TikTok To Restart Indonesia Sales With Tokopedia Investment - ByteDance-owned TikTok to restart Indonesia e-commerce sales with Tokopedia investment after shutting down Tik Tok Shop in October. ByteDance-owned social media platform TikTok is to invest some $1.5 billion in Indonesian e-commerce platform ...
1 year ago Silicon.co.uk
Victory! Montana's Unprecedented TikTok Ban is Unconstitutional - A federal court on Thursday blocked Montana's effort to ban TikTok from the state, ruling that the law violated users' First Amendment rights to speak and to access information online, and the company's First Amendment rights to select and curate ...
1 year ago Eff.org
Microsoft Cloud Users Store Personal Data In Europe - In effort to resolve privacy worries, Microsoft is to allow its cloud customers to store all personal data within EU. Microsoft has confirmed that it will allow cloud customers to store all their personal data within the European Union, in an effort ...
1 year ago Silicon.co.uk
Apple fined €150 million over App Tracking Transparency issues - Autorité de la concurrence, France's antitrust watchdog, has fined Apple €150 million ($162 million) for using the App Tracking Transparency privacy framework to abuse its dominant market position in mobile app advertising on its devices. ...
1 month ago Bleepingcomputer.com
Cyber Insights 2023: The Geopolitical Effect - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. The Russia/Ukraine war that started in early 2022 has been mirrored by a ...
2 years ago Securityweek.com
UK watchdog probes TikTok and Reddit over child privacy concerns - The privacy watchdog also fined TikTok £12.7 million ($15.9 million) in April 2023 for data protection law breaches, including using data belonging to children under 13 without parental consent. On Monday, the United Kingdom's privacy watchdog ...
2 months ago Bleepingcomputer.com
Uncovering Chinas Surveillance of the United States Spies Hackers and Informants - Last week, a Chinese surveillance balloon in the United States caused a diplomatic uproar and raised concerns about how Beijing collects intelligence on its biggest rival. FBI Director Christopher Wray said in 2020 that Chinese spying is the most ...
2 years ago Securityweek.com Silence
Pro-China campaign targeted YouTube with AI avatars The Register - Think tank Australian Strategic Policy Institute last week published details of a campaign that spreads English language pro-China and anti-US narratives on YouTube. The campaign, which ASPI calls Shadow Play, includes 30 YouTube channels that have ...
1 year ago Go.theregister.com Rocke
CVE-2022-49006 - In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that ...
7 months ago Tenable.com
How 'Big 4' Nations' Cyber Capabilities Threaten the West - COMMENTARY. There are four nations deemed by the US and UK governments to pose the greatest threat to the West. Russia's cyber-threat activities are primarily focused on offensive cyber operations, China's are focused on cyber espionage, Iran's on ...
1 year ago Darkreading.com
EU's Didier Reyon Warns TikTok CEO to Comply with New Digital Rules - EU Commissioner Didier Reyon warned the CEO of social media company TikTok to comply with new digital rules proposed in the European Union. ...
2 years ago Securityweek.com
Localization Mandates, AI Regs to Pose Major Data Challenges in 2024 - Companies should expect to face a trio of trends in 2024 that make data security, protection, and compliance more critical to operations and risk reduction. Increasingly, governments worldwide are creating laws that govern the handling of data within ...
1 year ago Darkreading.com