Data Protection Authority
TikTok fined 530 million euros for unlawful data transfers to China
2nd May 2025
The Irish Data Protection Authority (DPC) has fined TikTok a total of 530 million ISK (nearly 80 billion ISK) and ordered corrective measures following violations of the EU's General Data Protection Regulation (GDPR). The fine comes after an investigation into TikTok's transfers of personal data from the European Economic Area (EEA) to China, and its failure to adequately inform users about these transfers.
The investigation by the Irish Data Protection Commission found that TikTok failed to meet its obligations under the General Data Protection Regulation (GDPR), as the company did not ensure that personal data of EEA users accessible from China received a level of protection equivalent to that guaranteed within the EU. Furthermore, TikTok’s transparency towards users was deemed inadequate, particularly during the period from 2020 to 2022.
In April 2025, TikTok disclosed that some user data had in fact been stored on servers in China—contradicting the company’s earlier statements. The Irish Data Protection Commission is taking this matter very seriously.
In addition to the financial penalty, TikTok has been ordered to bring its data processing into compliance with the GDPR within six months; otherwise, data transfers to China will be suspended.
The full statement from the Irish Data Protection Commission can be accessed here.