The final decision, announced on May 2, 2025, follows an in-depth inquiry by the DPC acting as the lead privacy watchdog for TikTok in the EU.

In a major blow to TikTok, the Irish Data Protection Commission (DPC) has imposed a €530 million (approx ₹4,745 crore) fine on the social media giant for violating European Union data protection laws. The regulator found that TikTok illegally transferred user data from the European Economic Area (EEA) to China and failed to inform users properly, breaching strict GDPR rules.

TikTok’s China connection flagged

The decision also highlighted how TikTok misled the DPC for months by claiming it did not store EEA data on servers in China. But in April 2025, TikTok admitted that some user data had indeed been stored on Chinese servers, a disclosure that came only after the company discovered the issue back in February.

Deputy Commissioner Graham Doyle said, “TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU.”

According to the DPC, TikTok’s remote data access arrangements allowed Chinese staff to access EEA user data without ensuring the level of protection required by EU law. The watchdog cited TikTok’s failure to verify and demonstrate that personal data handled in China received “essentially equivalent” safeguards as those enforced within the EU.

Suspension threat and six-month deadline

Between July 2020 and December 2022, TikTok’s privacy policy failed to name the countries to which EEA data was being transferred, nor did it clearly explain how and where the data was processed, the inquiry found.

This isn’t the first time TikTok’s handling of user data has drawn global scrutiny. The U.S. and several EU countries have already raised concerns over ByteDance’s access to sensitive user information via its Chinese workforce.

The DPC has now ordered TikTok to bring its data processing into full compliance within six months. If it fails to do so, the company risks having its data transfers to China suspended altogether.

Out of the €530 million fine, €485 million was levied for breaching Article 46(1) of the GDPR, which deals with cross-border data transfers. The remaining €45 million was for violating transparency obligations under Article 13(1)(f).

Now, with the DPC’s verdict on record, pressure on TikTok may only grow further.

More details, including the full ruling and implications, are expected to be published by the DPC in the coming days.

Read More:

OnePlus Nord 5 price leaked ahead of expected India launch