TikTok Fined €530 Million by EU Over Data Privacy Breaches

Tech
By 24matins.uk published 5 May 2025 at 19h56, updated on 5 May 2025 at 19h56.
Tech

La Commission européenne a condamné TikTok à verser 530 millions d’euros, accusant la plateforme chinoise d’avoir enfreint les règles européennes sur la protection des données personnelles, notamment en ce qui concerne les utilisateurs mineurs.

Tl;dr

  • Record fine for TikTok over GDPR violations.
  • European user data transferred to China unlawfully.
  • Serious transparency failures highlighted by regulators.

Europe’s Record Fine and the Stakes for TikTok

The European Union’s determination to enforce the GDPR was underscored once again this week, as the Irish Data Protection Commission (DPC) imposed a record-breaking financial penalty on TikTok. With a total of 530 million euros, this fine now ranks as the third largest ever issued under the continent’s flagship data protection law, trailing only behind those handed down to Meta Platforms and Amazon. The size of the sanction itself has already raised eyebrows among industry observers—an unmistakable message that European authorities are ramping up scrutiny on digital giants.

The Heart of the Case: Data Transfers to China

Central to this case is the revelation that certain personal data belonging to European users was being stored on servers in China. According to findings published by the DPC, these transfers were carried out without adequate guarantees or user awareness—despite earlier assurances from TikTok’s parent company, ByteDance. Under EU law, exporting data outside its borders requires safeguards comparable to those enshrined in the GDPR, a threshold regulators say was clearly not met. Perhaps more worryingly, there had been no substantial assessment of how Chinese legislation might affect users’ rights—a point described as « materially divergent from European standards », in the words of Graham Doyle, deputy commissioner at the DPC.

Yet it isn’t just unauthorized transfers that have landed TikTok in hot water. Regulatory scrutiny also fell squarely on its transparency practices—or lack thereof. Back in 2021, the social network’s privacy policy failed to spell out either that China was a potential destination for European data or precisely how such information would be handled. The fallout: an additional penalty of 45 million euros levied specifically for failing to provide clear information. Combined with fines related to unlawful transfers (485 million), the total sum places TikTok under exceptional regulatory pressure.

Several elements explain why this case resonates beyond its headline figures :

  • The fine targets both procedural lapses and structural compliance issues.
  • The investigation exposed a gap between corporate statements and technical reality.
  • This ruling could set a precedent for future cross-border data disputes.

    • TikTok’s Response and Europe’s Ongoing Vigilance

    While TikTok claims to have deleted the contested datasets, European regulators remain unconvinced. As Graham Doyle put it: « The matter is being taken extremely seriously », with further action possible in partnership with other EU bodies. For its part, TikTok contends that it has never received any official request from Chinese authorities about European users’ information, pledging to appeal what it sees as an unfair judgment.

    Ultimately, while only time will reveal whether this hefty sanction will alter global industry practices, one thing seems clear: Europe intends to hold Big Tech accountable—even when it means confronting international heavyweights like TikTok.