Following the national security-driven ban in the US, TikTok has been handed a $600 million (530 million euros) fine by European regulators.
The ruling came as a result of a four-year investigation that found the app’s data transfers to China put users at risk of spying, in contradiction of EU data privacy rules. The inquiry was handled by Ireland’s Data Protection Commission, due to TikTok’s European headquarters being based in the country. TikTok, which is owned by Chinese company ByteDance, contests the decision and plans to appeal.
This does not mean that the EU has found TikTok complicit in state-sponsored spying, content manipulation, or espionage; it merely means that it broke the EU’s relatively strict cross-country data privacy regulations.
Under the General Data Protection Regulation (GDPR), transfers of EU citizens’ personal data outside the EU—and to several other developed countries like the US, UK, Japan and Israel—are beholden to strict oversight.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” said DPC Deputy Commissioner Graham Doyle.
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to European Economic Area (EEA) personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”
The threat of data transfers to China was a key part of the US Supreme Court’s decision to ban the app. Lawyers such as US Solicitor General Elizabeth Prelogar argued that the threat of China getting its hands on the data of US citizens was a strong enough reason to ban the app on its own, regardless of the threat of content manipulation by the Chinese government.
Recommended by Our Editors
But steps have already been taken to prevent this from happening; the data of US TikTok users has been stored on servers controlled by enterprise software firm Oracle since June 2022.
Though President Donald Trump’s original 90-day pause on the US TikTok ban was recently extended, the company is still required to divest its US interests if it is to continue operating in America. Though many sources have reported possible buyers, including Oracle and a coalition of billionaires, the ultimate buyer for the app is still unknown.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
About Will McCurdy
Contributor
