Massive TikTok fine imposed for GDPR data transfer violations

May 7, 2025

The TikTok fine saga has taken a new turn, with the popular video-sharing app receiving a €530 million (£454 million) penalty from Ireland’s Data Protection Commission (DPC) for violating the European Union’s data protection regulations.

According to the findings, TikTok moved user personal data from the European Economic Area (EEA) to China without putting in place the legal protections required by the General Data Protection Regulation (GDPR).

According to the DPC, TikTok lacked transparency in informing both users and authorities about where and how it stored data. Although the company initially denied that any EEA user data was stored in China, it acknowledged in early 2025 that a small amount had indeed been kept on Chinese servers. Even though TikTok claimed that this data has since been removed, the DPC concluded that the platform’s handling of user information still did not comply with the GDPR.

This fine is the company’s second major penalty under the GDPR.

In 2023, TikTok received a €345 million penalty for improperly handling children’s personal data under GDPR regulations. The latest ruling underscores growing concerns about data privacy, especially surrounding international data flows between Europe and China.

TikTok has been given six months to bring its data transfer practices into full compliance with EU regulations or face further penalties. In response, the company announced plans to appeal the decision. It also highlighted its “Project Clover” initiative, a €12 billion investment intended to host European data within newly built data centres across the region. According to TikTok, this effort demonstrates its ongoing commitment to data protection and regulatory compliance.

Despite these efforts, the TikTok fine raises serious questions about how tech companies handle sensitive user data, particularly when foreign governments may have access to it. With public scrutiny and regulatory pressure mounting, the future of data governance for international platforms like TikTok is under the spotlight.

As the EU continues to enforce GDPR rules more strictly, this case should serve as a warning to other global tech firms that compliance is non-negotiable. The TikTok fine not only carries financial consequences but also sends a strong message about the importance of user privacy.
