We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.


TikTok fined €530m over data transfers to China
02 May 2025 data law Print

TikTok fined €530m over data transfers to China

The data-protection watchdog has fined TikTok €530 million after an inquiry found that the platform’s transfers of European users’ data to China breached EU rules. 

The probe by the Data Protection Commission (DPC) also found that TikTok infringed the GDPR’s transparency requirements, which oblige it to provide users with information on such data transfers. 

The DPC has also ordered TikTok to bring its data-processing into compliance with the GDPR within six months.

Further action 

Its decision also includes an order suspending TikTok’s transfers to China if processing is not brought into compliance within this timeframe. 

The watchdog is also looking into whether it needs to take further action on inaccurate information that TikTok provided to the inquiry. 

“TikTok’s personal-data transfers to China infringed the GDPR because the platform failed to verify, guarantee, and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” DPC deputy commissioner Graham Doyle said. 

“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage, and other laws identified by TikTok as materially diverging from EU standards,” he added. 

Servers in China 

The data watchdog said that TikTok had initially told the inquiry that it did not store EEA user data on servers located in China. 

In April 2025, however, the platform told the DPC of an issue that it had discovered in February 2025, where limited EEA user data had been stored on servers in China, contrary to TikTok’s evidence to the Inquiry. 

“The DPC is taking these recent developments regarding the storage of EEA user data on servers in China very seriously,” said Doyle. 

“Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU data-protection authorities,” he concluded. 

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland
Copyright © 2025 Law Society Gazette. The Law Society is not responsible for the content of external sites – see our Privacy Policy.