The Irish Data Protection Commission (DPC) has announced its final decision in an inquiry into TikTok, examining the legality of transferring personal data of users in the EEA to China. The DPC found that TikTok violated the General Data Protection Regulation (GDPR) by failing to ensure that user data was adequately protected, as required by EU law. The investigation also identified issues with TikTok’s transparency in informing users about these transfers. As a result, TikTok was fined €530 million and ordered to bring its processes into compliance with the GDPR within six months, or face suspension of data transfers to China.
The inquiry revealed that TikTok failed to demonstrate that user data was protected to a standard equivalent to that of EU law, particularly with regard to Chinese laws such as the Anti-Terrorism and Counter-Espionage Laws. Additionally, TikTok submitted incorrect information during the inquiry, later admitting that some EEA user data had been stored on servers in China, contradicting previous statements. The DPC also considered TikTok’s updated privacy policy, which in 2022 clarified data transfers, but noted that the lack of transparency continued until December 2022, leading to an additional €45 million fine.