The Irish Data Protection Commission (DPC) has issued a landmark €530 million (approx $600 million) fine against TikTok Technology Limited (TTL) following an extensive inquiry in the handling of personal data of users of the TikTok platform in the EEA to the People’s Republic of China (“China”).
- Deadline for the Compliance
- Company to Appeal
Deadline for the Compliance
The decision also imposes a six-month deadline for the popular short video-sharing app to bring its processing into full compliance with EU law. If the company fails to meet this timeframe, it could face a suspension of all transfers of EEA user data to China.
According to DPC’s investigation, TikTok , owned by Chinese tech giant ByteDance, failed to adequately protect the personal data of EU users accessed by employees in China as required within the EU.
The DPC added that TikTok claimed throughout the inquiry that it did not store EEA User Data on servers located in China. However, in April 2025, TikTok disclosed that it had discovered in February 2025 that some EEA data had, in fact, been stored on Chinese servers, contradicting the company’s previous statements.
“The DPC is taking these recent developments regarding the storage of EEA User Data on servers in China very seriously. Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities,” Doyle added.
Christine Grahn, TikTok’s Head of Public Policy & Government Relations for Europe, responded by stating that the company disagrees with the DPC’s decision and it has never provided European user data to Chinese authorities and used standard legal mechanisms for data transfers.
Company to Appeal
The company also plans to appeal the decision, arguing that it does not adequately take into account the significant data security improvements introduced through TikTok’s new “Project Clover”, a data governance initiative aimed at improving compliance.
