BRUSSELS — TikTok has been slapped with a record €530 million ($600 million) fine by the European Union for transferring European user data to China and failing to guarantee adequate protections against access by Chinese authorities. The decision intensifies global scrutiny of the popular social media platform, already under mounting pressure in the United States and other Western nations.
The ruling was issued by Ireland’s Data Protection Commission (DPC), the lead EU regulator for TikTok, which has its European headquarters in Dublin. The investigation concluded that the company, owned by Chinese tech giant ByteDance, allowed personal data of EU users to be remotely accessed by staff in China, without ensuring protections equivalent to those mandated by EU law.
“TikTok failed to verify, guarantee and demonstrate that European users’ personal data was properly protected from access under Chinese laws,” said DPC deputy commissioner Graham Doyle. He added that TikTok did not adequately address the risk of data exposure under Chinese anti-terrorism and counter-espionage laws that diverge from European privacy standards.
The fine includes €45 million specifically related to TikTok’s lack of transparency between 2020 and 2022, when users were not clearly informed that their data could be accessed from China or where it was being transferred.
TikTok has rejected the findings and announced plans to appeal. “We have never provided European user data to Chinese authorities, nor received any such requests,” said Christine Grahn of TikTok Europe.
The DPC’s order also gives TikTok six months to bring its data handling practices into compliance. If it fails to do so, cross-border data transfers to China could be suspended.
This is not the first time the platform has faced regulatory action in Europe. In 2023, the DPC fined TikTok €345 million for violations related to the processing of children's data. Friday’s ruling marks one of the largest data protection fines under the EU’s General Data Protection Regulation (GDPR).
The penalty is expected to increase pressure on TikTok in the U.S., where the company faces a potential ban unless its parent company divests. In 2024, Congress passed a law requiring ByteDance to sell its U.S. operations by June 19 or face expulsion. TikTok has 170 million American users.
Beyond data concerns, the app has also faced criticism for algorithmic opacity, spreading misinformation, and failing to curb harmful content. Several countries, including Pakistan, Nepal, and France (in New Caledonia), have imposed bans on the app in recent years.
In response to European concerns, TikTok launched a €12 billion “Clover” data initiative, pledging to store EU data in Norway, Ireland, and the U.S., and restrict access to sensitive information like IP addresses. But the DPC said that TikTok only disclosed in April 2025 that European data had been stored—and later deleted—in China, contradicting earlier claims.
As the platform navigates mounting legal and political challenges on both sides of the Atlantic, Friday’s fine signals a growing consensus: TikTok must do more to earn trust where it wants to operate.