TikTok has been hit with a massive £450 million fine by European Union privacy regulators after a long investigation into how it handled user data. The investigation found that TikTok sent personal data of users to China, breaking EU privacy laws.
Ireland’s Data Protection Commission, which oversees TikTok in Europe because the company’s regional office is in Dublin, also criticized the platform for not clearly informing users about where their data was going. The commission gave TikTok six months to fix these issues.
Deputy Commissioner Graham Doyle said that TikTok couldn’t prove that the data accessed by staff in China was protected at the same level as required under EU laws. This lack of security was a major reason for the fine.
TikTok disagrees with the decision and has said it plans to appeal. The company claims that the investigation focused on old practices, specifically before May 2023, and doesn’t reflect recent improvements.
To address data protection concerns, TikTok launched “Project Clover” – an initiative aimed at storing European data in local data centers within the EU. The company says this project has strong privacy safeguards and is overseen by an independent cybersecurity company, NCC Group.
TikTok’s European policy head, Christine Grahn, insists that the company has never received or responded to any data request from Chinese authorities. She also said TikTok has never shared European user data with China.
Even so, the app remains under close watch in Europe. Governments are especially concerned about the possibility of China accessing personal data, due to strict Chinese laws on national security, cybersecurity, and surveillance.
In 2023, TikTok was already fined hundreds of millions of euros for another privacy issue involving children. This latest fine adds more pressure on the platform to prove it can handle user data responsibly.
The Irish watchdog also discovered that TikTok wasn’t fully honest during the investigation. Although the company initially said it didn’t store European data on Chinese servers, it later admitted that some data had been stored there as recently as February.
