1. Forum
  2. Usenet
  3. COMP.OS.LINUX.ADVOCACY

  • =?UTF-8?Q?TikTok_fined_=E2=82=AC530_million_for_sending_European_us?= =

    From CrudeSausage@21:1/5 to All on Fri May 2 09:19:40 2025
    What remains to be seen is whether Westerners will actually react to the
    news that TikTok is doing this with their date.

    <https://www.bleepingcomputer.com/news/security/tiktok-fined-530-million-for-sending-european-user-data-to-china/>

    The Irish Data Protection Commission (DPC) has fined TikTok €530 million (over $601 million) for illegally transferring the personal data of
    users in the European Economic Area (EEA) to China, violating the
    European Union's GDPR data protection regulations.

    The administrative fines imposed by the Irish watchdog consist of a fine
    of €485 million for its infringement of Article 46(1) GDPR regarding the lawfulness of the data transfers to China and a fine of €45 million for
    its infringement of Article 13(1)(f) regarding the lack of transparency.

    TikTok was also ordered to bring its data processing into compliance
    within six months, with the DPC planning to suspend all data transfers
    to China if the company fails to update its policies in time.

    DPC officials pointed out that the issue goes beyond the location of the servers and is also about the risk that Chinese authorities could access
    the data of European users under domestic laws concerning terrorism and espionage, which contravene EU standards.

    "TikTok's personal data transfers to China infringed the GDPR because
    TikTok failed to verify, guarantee and demonstrate that the personal
    data of EEA users, remotely accessed by staff in China, was afforded a
    level of protection essentially equivalent to that guaranteed within the
    EU," said DPC Deputy Commissioner Graham Doyle.

    "As a result of TikTok's failure to undertake the necessary assessments,
    TikTok did not address potential access by Chinese authorities to EEA
    personal data under Chinese anti-terrorism, counter-espionage and other
    laws identified by TikTok as materially diverging from EU standards."

    The DPC added that TikTok claimed during the investigation that it did
    not store users' data from the European Economic Area (EEA) on servers
    located in China.

    However, in April 2025, TikTok revealed that it had discovered in
    February 2025 that some EEA user data had been stored on servers in
    China, contradicting the company's earlier statements.

    "The DPC is taking these recent developments regarding the storage of
    EEA User Data on servers in China very seriously," Doyle said in a
    Friday statement. "Whilst TikTok has informed the DPC that the data has
    now been deleted, we are considering what further regulatory action may
    be warranted, in consultation with our peer EU Data Protection Authorities."

    TikTok to appeal DPC's decision
    However, Christine Grahn, TikTok's Head of Public Policy & Government
    Relations for Europe, said the company disagrees with the DPC's decision
    and that it's planning to appeal it because it fails to consider
    TikTok's new Project Clover data security initiative.

    "Under Project Clover, TikTok has implemented advanced privacy-enhancing technologies (PETs), such as encryption-on-access and differential
    privacy, to ensure that non-restricted data is de-identified before it
    can be accessed by employees in China," Grahn said. "Crucially,
    independent cybersecurity experts at NCC Group have verified that these safeguards are working as intended."

    This is the third-largest fine imposed by the Irish data protection
    authority so far, after sanctioning Amazon with 746 million euros for
    its targeted behavioral advertising practices and Facebook with 1.2
    billion euros for transferring data of EU-based users to the United States.

    Previously, TikTok was slapped with a €345 million ($368 million) fine
    by the DPC for violating the privacy of children while processing their
    data and employing "dark patterns" during the registration process and
    while posting videos, nudging users toward selecting options that
    compromised their privacy.

    In January 2023, TikTok was also fined €5 million ($5.4 million) by
    France's data protection authority (CNIL) for failing to adequately
    inform users about its cookie usage and making it challenging to opt-out.

    --
    God be with you,

    CrudeSausage
    KDE & LibreOffice supporter
    John 14:6

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)