TikTok fined € 530 million for transferring personal data to China

On 2 May 2025, the Irish Data Protection Commission (DPC) imposed a fine of €530 million on TikTok for violations of the General Data Protection Regulation (GDPR). The fine was issued to TikTok's parent company, ByteDance, for transferring personal data of European TikTok users to China, where the data is not adequately protected. For example, Chinese authorities could potentially access personal data shared via the TikTok app. Furthermore, TikTok failed to properly inform users that their personal data was being transferred to China.

During the investigation, TikTok told the DPC that no personal data of EU users was stored in China. However, in February 2025, TikTok admitted that a limited set of user data was indeed stored on Chinese servers. The company has since stated that this data has been removed. The DPC has ordered TikTok to demonstrably comply with the GDPR’s rules on international data transfers.

The fact that the DPC has imposed a fine and is requiring TikTok to comply with the law supports TBYP’s decision to hold TikTok accountable for its conduct. One of the claims in TBYP’s collective action concerns the unlawful transfer of children's personal data to China. TBYP hopes that TikTok will not only take action in response to the identified violations, but will also ensure that the TikTok app complies with all other legal obligations.

Read more:

https://www.dataprotection.ie/en/news-media/latest-news/irish-data-protection-commission-fines-tiktok-eu530-million-and-orders-corrective-measures-following

https://www.ft.com/content/434ee8ff-3567-4a11-919f-976710132674

https://www.irishtimes.com/business/2025/05/02/tiktok-fined-530m-by-irish-data-protection-watchdog/