The Irish Data Protection Commission (DPC) has fined TikTok €530 million (~$600M) over concerns regarding the platform’s transfers of EU users’ personal data to China and transparency failures. 

The decision, announced Friday by Ireland’s lead privacy regulator, includes an order requiring TikTok to bring its processing into compliance within six months or face suspension of data transfers to China.

The regulator determined that TikTok infringed the General Data Protection Regulation (GDPR) by failing to “verify, guarantee and demonstrate” that EU users’ personal data remotely accessed by staff in China was afforded protection equivalent to EU standards.

Data Transfer Violations and Transparency Issues

The bulk of the penalty—€485 million—addresses TikTok’s violation of Article 46(1) of the GDPR regarding data transfers. The remaining €45 million relates to transparency failures under Article 13(1)(f) between July 2020 and December 2022, when TikTok’s privacy policy failed to specify China as a recipient country and didn’t explain that processing included remote access to data by China-based personnel.

“TikTok’s failure to adequately assess the level of protection provided by Chinese law and practices… prevented TikTok from verifying and guaranteeing an essentially equivalent level of protection,” the DPC stated in its decision.

TikTok contests the findings and plans to appeal. The company argues it has used the EU’s legal framework, specifically standard contractual clauses, to grant limited remote access. TikTok also maintains that the decision fails to fully consider security measures implemented since 2023, including dedicated European data centers under “Project Clover.”

Misleading Information Discovered

The DPC also revealed that TikTok provided inaccurate information during the four-year inquiry. While TikTok maintained it did not store EU user data on servers in China, the company disclosed in April 2025 that it had discovered limited EU user data stored on Chinese servers in February, which has since been deleted.

Other Tech Companies Face EU Penalties

This ruling follows recent actions against other major tech companies. In April, the European Commission imposed significant fines on Apple (€500 million) and Meta (€200 million) for violating the Digital Markets Act, marking the first penalties under the bloc’s new digital competition rules. 

Apple was penalized for preventing app developers from informing users about alternative purchasing options, while Meta faced sanctions for its “consent or pay” model on Facebook and Instagram.