Irish Privacy Watchdog Fines TikTok $600 Million for GDPR Breaches
TikTok's transfer of Europeans' personal data to China violated the EU General Data Protection Regulation (GDPR), the Irish Data Protection Commission (DPC) announced Friday. It fined the social media platform $600 million (530 million euros) and ordered it to clean up its act within six months or face suspension of its data transfers to China. TikTok said it will appeal.
Sign up for a free preview to unlock the rest of this article
The transfers infringed the GDPR because the company failed to verify, guarantee and demonstrate that the personal data of users in the European Economic Area (EEA), remotely accessed by staff in China, was given a level of protection essentially equivalent to that guaranteed by the EU, said DPC Deputy Commissioner Graham Doyle. The company also breached GDPR transparency requirements related to how it informed users of the transfers to China, he said.
Seen through the lens of tariffs, trade and national security, the decision will be a source of uncertainty for organizations beyond TikTok, emailed IAPP Research Director Joe Jones. Regulatory, geopolitical and industry developments are "carving the world up into greenlisted, redlisted and firewalled blocs for data sharing, making international data transfers a renewed priority and a heightened area of complexity for organisations and policymakers."