TikTok, the popular Chinese-owned social media platform, has been slapped with a massive 530 million euro fine (approximately Ksh.77 billion or $600 million) by the European Union for mishandling personal data. The fine follows accusations that the platform unlawfully transferred European users’ data to China, violating strict EU data protection laws.
The ruling, issued by Ireland’s Data Protection Commission (DPC), is the second largest fine ever imposed by the EU and is the result of an investigation into TikTok’s data transfer practices. The platform, which boasts 1.5 billion users worldwide, is accused of failing to ensure that the data was protected from potential access by Chinese authorities.
TikTok acknowledged during the probe that it had hosted European data in China, which directly contradicted its previous claims. The DPC stated that TikTok did not adequately safeguard the personal data of European users, particularly by failing to prevent Chinese authorities from accessing it under laws such as anti-terrorism and counter-espionage statutes that diverge significantly from EU regulations.
In response to the ruling, TikTok has vehemently denied any wrongdoing. Christine Grahn, a representative for TikTok Europe, reiterated that the platform “has never provided European user data” to Chinese authorities. The company has indicated its intent to appeal the decision, insisting that it has complied with European standards regarding data protection.
This fine is part of a broader scrutiny of TikTok by Western governments over concerns that personal data could be misused by the Chinese government for espionage or propaganda purposes. The fine also stems from TikTok’s failure to be transparent about its data transfers. Between 2020 and 2022, the platform failed to inform users where their data was being sent or that it could be accessed from China.
As part of the ruling, TikTok has been ordered to align its data practices with EU standards within six months, ensuring that future data transfers comply with the General Data Protection Regulation (GDPR). The company is expected to face further regulatory challenges as it continues to operate in Europe.
