TikTok hit with €530 million EU fine over data transfers to China 🔒

Cliquez ici pour lire en français

TikTok has been slapped with a €530 million ($572 million) fine by the European Union for violating data protection rules—one of the biggest penalties ever handed out under the GDPR. The platform is accused of transferring personal data to China without proper safeguards or transparency, raising serious concerns around digital sovereignty and privacy in Europe.

One of the largest GDPR fines on record 💰

On May 2, 2025, Ireland’s Data Protection Commission (DPC), acting on behalf of the EU, issued the fine against TikTok, a subsidiary of China-based ByteDance. According to the DPC, TikTok failed to demonstrate that European user data remained adequately protected when accessed from China.

At the heart of the issue is TikTok’s lack of sufficient guarantees to prevent potential access by Chinese authorities—a key requirement under the EU’s General Data Protection Regulation (GDPR). Companies transferring data outside the EU are obligated to prove that it receives the same level of protection as it would within the bloc.

Investigators flag opaque practices 🕵️

The DPC launched its investigation in 2021 and found that, between 2020 and 2022, TikTok did not clearly inform users that their personal data could be viewed from China or disclose which countries it was being transferred to. This lack of transparency alone accounts for €45 million of the total fine.

In April 2025, the company admitted to temporarily storing some user data in China—contradicting earlier public statements. TikTok says the data has since been deleted.

TikTok defends itself with its ‘Clover’ data initiative 🛡️

TikTok says it plans to appeal the decision and insists it has never received a request from Chinese authorities for European user data, nor has it shared such data with them. As part of its defense, the company is highlighting its European data security initiative, Project Clover.

The program includes a €12 billion, 10-year investment to localize data storage through centers in Ireland, Norway, and the United States. TikTok says employees based in China have no access to so-called “restricted data,” including IP addresses and phone numbers.

Trust in TikTok keeps eroding 🌍

The ruling further fuels growing distrust among Western regulators toward TikTok. It follows a string of hefty fines against tech giants for GDPR violations. In 2023, Meta was fined a record €1.2 billion for transferring user data to the U.S.

As regulators ramp up enforcement, global platforms are under increasing pressure to comply with Europe’s strict privacy and digital sovereignty standards.

What do you think ?
Can TikTok win back the trust of European regulators—and its users? Let us know your thoughts in the comments.