A European Union privateness watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation discovered that the video sharing app’s knowledge transfers to China put customers vulnerable to spying, in breach of strict EU knowledge privateness guidelines.
Eire’s Knowledge Safety Fee additionally sanctioned TikTok for not being clear with customers about the place their private knowledge was being despatched and ordered the corporate to adjust to the foundations inside six months.
The Irish nationwide watchdog serves as TikTok’s lead knowledge privateness regulator within the 27-nation EU as a result of the corporate’s European headquarters is predicated in Dublin.
“TikTok did not confirm, assure and display that the private knowledge of (European) customers, remotely accessed by employees in China, was afforded a stage of safety basically equal to that assured throughout the EU,” Deputy Commissioner Graham Doyle stated in an announcement.
TikTok stated it disagreed with the choice and plans to attraction. The corporate stated in a weblog put up that the choice focuses on a “choose interval” ending in Could 2023, earlier than it launched into a knowledge localization challenge known as Mission Clover that concerned constructing three knowledge facilities in Europe.
“The details are that Mission Clover has a few of the most stringent knowledge protections wherever within the trade, together with unprecedented unbiased oversight by NCC Group, a number one European cybersecurity agency,” stated Christine Grahn, TikTok’s European head of public coverage and authorities relations. “The choice fails to completely take into account these appreciable knowledge safety measures.”
TikTok, whose mother or father firm ByteDance is predicated in China, has been beneath scrutiny in Europe over the way it handles private info of its customers amid issues from Western officers that it poses a safety threat over consumer knowledge despatched to China.
Story continues under this advert
In 2023, the Irish watchdog additionally fined the corporate a whole bunch of thousands and thousands of euros in a separate baby privateness investigation. The Irish watchdog stated its investigation discovered that TikTok failed to deal with “potential entry by Chinese language authorities” to European customers’ private knowledge beneath Chinese language legal guidelines on anti-terrorism, counterespionage, cybersecurity and nationwide intelligence that had been recognized as “materially diverging” from EU requirements.
Grahn stated TikTok has “has by no means acquired a request for European consumer knowledge from the Chinese language authorities, and has by no means supplied European consumer knowledge to them.” Below the EU guidelines, often known as the Common Knowledge Safety Regulation, European consumer knowledge can solely be transferred outdoors of the bloc if there are safeguards in place to make sure the identical stage of safety.
Grahn stated TikTok strongly disagreed with the Irish regulator’s argument that it didn’t perform “mandatory assessments” for knowledge transfers, saying it sought recommendation from legislation corporations and specialists. She stated TikTok was being “singled out” despite the fact that it makes use of the “similar authorized mechanisms” that hundreds of different corporations in Europe does and its method is “in line” with EU guidelines.
The investigation, which opened in September 2021, additionally discovered that TikTok’s privateness coverage on the time didn’t identify third international locations, together with China, the place consumer knowledge was transferred. The watchdog stated the coverage, which has since been up to date, failed to clarify that knowledge processing concerned “distant entry to private knowledge saved in Singapore and the US by personnel based mostly in China.”
Story continues under this advert
TikTok faces additional scrutiny from the Irish regulator, which stated that the corporate had supplied inaccurate info all through the inquiry by saying that it didn’t retailer European consumer knowledge on Chinese language servers. It wasn’t till April that it knowledgeable the regulator that it found in February that some knowledge had in truth been saved on Chinese language servers.
Doyle stated that the watchdog is taking the latest developments “very significantly” and “contemplating what additional regulatory motion could also be warranted.”