Ireland imposes a fine of $601 million on TikTok for transmitting user data

The Irish Data Protection Commission (DPC) has imposed a fine of 530 million EUR on TikTok for illegally transferring European user data to China and misleading supervisory authorities. TikTok initially claimed it did not store European user data in China, but then admitted in April 2025 that some data had been stored there. The investigation initiated in 2021 found that TikTok violated the General Data Protection Regulation (GDPR) by failing to ensure that data accessed by employees in China was protected at EU level. The Irish supervisory authority also stated that TikTok failed to assess the risks under Chinese law that could allow government access to user data. In addition to the fine, TikTok has six months to align its data practices. Otherwise, data transfer to China will be suspended. "TikTok has failed to verify, guarantee, and demonstrate that the personal data of (European) users accessed remotely by employees in China enjoys a level of protection essentially equivalent to that guaranteed in the EU," said Graham Doyle, Deputy Commissioner of the Irish Data Protection Commission. TikTok disagrees with the ruling and plans to appeal. The company emphasizes that it has never shared European user data with Chinese authorities. The platform cited its ongoing Project Clover initiative, which stores EU user data in Ireland and Norway under strict supervision, as evidence of its strict security measures. However, the Data Protection Commissioner concluded that these changes do not eliminate the need for enforcement of the General Data Protection Regulation.