TikTok was fined 530 million euros by the EU privacy watchdog on Friday for failing to adequately protect user data, and the company was ordered to make its data processing compliant within six months. In addition, if TikTok fails to make its data processing compliant within this period, the decision also requires TikTok to suspend the transfer of data to China.
The Irish Data Protection Commission [DPC] said that ByteDance-owned TikTok failed to demonstrate that the personal data of EU users, some of which is accessed remotely by Chinese employees, received the high level of protection required by EU law.
In a statement, the Irish Data Protection Commission said that as a result, TikTok did not address the issue of how China may access data under domestic laws and other laws that TikTok considers to have substantial differences from EU standards.
TikTok strongly opposed this ruling and stated that it had strictly controlled and restricted remote access through the EU's own legal framework, particularly the "EU Standard Contractual Clauses" [SCC]. TikTok plans to appeal this ruling.
TikTok also noted that this ruling does not fully consider the data security measures introduced in 2023, which include independent monitoring of remote access and ensuring that the personal data of EU users is stored in dedicated data centers in Europe and the United States.
In recent years, TikTok has rapidly gained popularity among teenagers worldwide and has 175 million users in Europe.
TikTok said in a statement: "This ruling could set a precedent with far-reaching implications for European companies and the entire industry operating globally."
The Irish Data Protection Commission also found that although TikTok consistently stated during a four-year investigation that no data of EU users was stored on servers in China, the platform disclosed last month that a small amount of data was found to be stored in China in February this year and these data were subsequently deleted.
Deputy Commissioner Doyle of the Irish Data Protection Commission said: "Under the EU General Data Protection Regulation, when personal data is transferred to another country, the high level of protection provided within the EU must continue. TikTok's transfer of personal data to China violates the EU General Data Protection Regulation because TikTok failed to verify, ensure, and prove that the personal data of users in the European Economic Area accessed remotely by Chinese employees received essentially equivalent protection to that within the EU."
Doyle added: "Because TikTok did not conduct the necessary assessments, TikTok did not address the issue of how Chinese authorities may obtain personal data of users in the European Economic Area under anti-terrorism, counter-espionage, and other laws that TikTok considers to have substantial differences from EU standards."
Doyle pointed out: "The Irish Data Protection Commission takes the recent developments regarding the storage of personal data of users in the European Economic Area on Chinese servers very seriously. Although TikTok has informed the Irish Data Protection Commission that the data has been deleted, we are consulting with EU data protection agencies to consider taking further regulatory actions."
This is TikTok's second penalty from the Irish Data Protection Commission. In 2023, TikTok was fined 345 million euros for violating EU privacy laws concerning the handling of children's personal data.
The Irish Data Protection Commission is the primary supervisory authority for many of the world's top technology companies in the EU, as their European headquarters are located in the country. Since obtaining sanctioning authority in 2018, the agency has also imposed fines on companies such as Microsoft's LinkedIn, X [formerly Twitter], and Facebook parent company Meta.
According to the EU General Data Protection Regulation [GDPR], which also covers Iceland, Liechtenstein, and Norway as members of the European Economic Area, any company's lead supervisory authority can impose a fine of up to 4% of global revenue.
Source: rfi
Original article: https://www.toutiao.com/article/7499860869422236201/
Disclaimer: This article solely represents the author's views. Please express your attitude by clicking the "Agree/Disagree" buttons below.