TikTok fined €530 million by Ireland’s watchdog
By Cate McCurry, PA
Irish data protection authorities have fined TikTok €530 million for transferring the European users’ personal data to China, following a long investigation.
The Irish Data Protection Commission (DPC) said it examined the lawfulness of TikTok’s transfer of personal data of its users in Europe to China.
As part of its investigation, it also examined whether the provision of information to users in relation to such transfers met TikTok’s transparency requirements as required by the GDPR.
🔔 Latest News: Irish Data Protection Commission fines TikTok €530 million and orders corrective measures following an inquiry into transfers of EEA user data to China.
Press Release 🔗 https://t.co/d4jNVux18y pic.twitter.com/15jE1dKVXw— Data Protection Commission Ireland (@DPCIreland) May 2, 2025
The decision includes administrative fines totalling €530 million and an order requiring TikTok to bring its processing into compliance within six months.
The decision also includes an order suspending TikTok’s transfers to China if processing is not brought into compliance within this timeframe.
Throughout the inquiry, TikTok denied that it stored European users’ data on servers located in China.
However, last month TikTok told the DPC of an issue that it had discovered in February 2025 where limited data had been stored on servers in China, contrary to TikTok’s evidence to the inquiry.
TikTok informed the DPC that this discovery meant it had provided inaccurate information.
DPC deputy commissioner Graham Doyle said: “The GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU.
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”
The DPC submitted a draft decision to the GDPR cooperation mechanism on February 21, as required under Article 60 of the GDPR.
Mr Doyle added: “The DPC is taking these recent developments regarding the storage of EEA User Data on servers in China very seriously.
“Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities.”
The DPC will publish the full decision and further related information in due course.
