TikTok was fined 530 million euros ($600 million) by its lead EU privacy regulator on Friday over concerns on how it protects user information and was ordered to suspend data transfers to China if its processing is not brought into compliance within six months.
Ireland's Data Protection Commissioner (DPC) said TikTok, owned by China's ByteDance, failed to show that EU users' personal data, some of which is remotely accessed by staff in China, was afforded the high level of protection provided for under EU law.
As a result, the short-video platform did not address potential access by Chinese authorities to the data under counter-espionage and other laws identified by TikTok as materially diverging from EU standards, the DPC said in a statement.
TikTok said it strongly contested the finding and that it has used the EU's own legal framework, specifically so-called standard contractual clauses, to grant tightly controlled and limited remote access. It plans to appeal the ruling.
It also said the decision fails to fully consider data security measures first rolled out in 2023 that independently monitor remote access and ensure EU user data is stored in dedicated data centres in Europe and the United States.
TikTok, which has grown rapidly among teenagers around the world in recent years and has 175 million users across Europe, added that it has never received a request for EU user data from the Chinese authorities, and has never provided data to them.
"This ruling risks setting a precedent with far-reaching consequences for companies and entire industries across Europe that operate on a global scale," TikTok said in a statement.
The DPC also found that while TikTok said throughout the four-year inquiry that it did not store EU user data on servers in China, it disclosed last month that it discovered in February that a limited amount was stored in China and since deleted.
"The DPC is taking these recent developments very seriously. We are considering what further regulatory action may be warranted," DPC Deputy Commissioner Graham Doyle said.
It is the second time TikTok has been reprimanded by the DPC. It was fined 345 million euros in 2023 for breaching privacy laws regarding the processing of children's personal data in the EU.
The powerful Irish privacy regulator, the lead regulator in the EU for many of the world's top tech firms due to the location of their regional headquarters in Ireland, has also fined the likes of Microsoft's , X and Meta since it was given sanctioning powers in 2018.
Under the EU's General Data Protection Regulation (GDPR), that also covers European Economic Area member states Iceland, Liechtenstein and Norway, the lead regulator for any given company can impose fines of up to 4% of its global revenue.
($1 = 0.8827 euros)
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
Track Latest News Live on NDTV.com and get news updates from India and around the world
