The Irish Data Protection Commission (DPC) fined TikTok €530 million ($600 million) on Friday for breaching EU data privacy laws by transferring European users’ data to China without adequate safeguards.

The four-year investigation, launched in September 2021, found TikTok violated the General Data Protection Regulation (GDPR) by failing to ensure data accessed by Chinese staff matched EU protection standards. The DPC ordered TikTok to comply within six months or face a suspension of data transfers to China.

The probe revealed TikTok’s lack of transparency, as its privacy policy omitted that data stored in Singapore and the US was remotely accessed by China-based personnel.

Also Read: Ullu App Removes 'House Arrest' Amid Uproar over Explicit Content

The DPC also criticized TikTok for initially denying storage of European data on Chinese servers, only admitting in April 2025 that some data was stored there since February. Deputy Commissioner Graham Doyle called this “very serious,” hinting at further action.

TikTok, owned by China’s Byte vireDance, plans to appeal, arguing it uses standard EU legal mechanisms like thousands of other firms.

Christine Grahn, TikTok’s European policy head, emphasized Project Clover’s robust data protections, including oversight by NCC Group, and denied ever sharing European data with Chinese authorities. The fine, one of the DPC’s largest after penalties on Amazon (€746M) and Meta (€1.2B), follows a 2023 €345M fine for child privacy violations.

Also Read: "PM Modi Is a Tough Negotiator!" JD Vance Sees Swift India-US Deal