X
  • Tech
  • Online Services
  • Services & Software

TikTok Fined $600M Over Europe's Fears of China Surveilling People's Data

TikTok disputes the claim it hasn't adequately protected people's personal data, and has said it plans to appeal.

Headshot of Katie Collins
Headshot of Katie Collins
Katie Collins Principal Writer
Katie is a UK-based news reporter and features writer. Officially, she is CNET's European correspondent, covering tech policy and Big Tech in the EU and UK. Unofficially, she serves as CNET's Taylor Swift correspondent. You can also find her writing about tech for good, ethics and human rights, the climate crisis, robots, travel and digital culture. She was once described a "living synth" by London's Evening Standard for having a microchip injected into her hand.
Katie Collins
2 min read
TikTok app on a smartphone

TikTok has been ordered to suspend data transfers to China if it fails to comply with European privacy laws.

 Getty Images/Amy Kim/CNET

TikTok will need to reach deep into its pockets after the Irish data watchdog hit the social video platform with a massive 530 million euro ($600 million) fine on Friday. 

Ireland's Data Protection Commission charged the company with violating Europe's strict privacy laws by not doing enough to ensure that anyone's data transferred to China is properly protected from government surveillance. The DPC also said that if TikTok doesn't make changes to comply with its ruling within six months, it will have to completely suspend data transfers to China.

TikTok failed to verify, guarantee and demonstrate that it was adequately protecting people's personal data that could be remotely accessed by staff in China, DPC Deputy Commissioner Graham Doyle said in a statement. "As a result of TikTok's failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards," he added.

Read more: Best Identity Theft Protection for 2025

The EU's General Data Protection Regulation, which came into effect in 2018, means that people in Europe benefit from strong privacy protections. When companies are found to be breaking the rules, they can receive fines of up to 20 million euros or 4% of their annual turnover, whichever is greater. The GDPR has formed the basis of other data privacy rules around the world, including California's Consumer Privacy Act. The intention behind these rules is to guarantee people transparency over how their data is used, and to empower them to object when it's used in ways they don't approve of.

In the case of TikTok and the EU, the company has said that it's never received any specific requests for European user data from the Chinese government. It believes that the period the fine applies to precedes 2023, when it put in place a 12 billion euro data security initiative in the EU called Project Clover.

"The decision fails to fully consider these considerable data security measures," said Christine Grahn, TikTok's head of public policy and government relations for Europe in a statement. "We disagree with this decision and intend to appeal it in full."