TikTok Fined €530 Million by EU for Illegally Transferring User Data to China

TikTok has been hit with a €530 million ($601 million) fine by Ireland’s Data Protection Commission (DPC) for violating the EU’s General Data Protection Regulation (GDPR). The investigation found that TikTok unlawfully transferred personal data of users in the European Economic Area (EEA) to China without ensuring proper safeguards or transparency.

The DPC concluded that TikTok misled regulators and users about the storage and transfer of European data. While the company previously claimed it did not store EEA user data in China, it admitted in early 2025 that limited data had indeed been stored on Chinese servers. TikTok stated that this data has since been deleted, but the DPC ruled the company had still failed to comply with GDPR standards.

TikTok has six months to bring its data transfer practices in line with EU laws or face additional penalties. In response, the company plans to appeal and highlighted its ongoing “Project Clover” initiative—a €12 billion investment aimed at localizing European data within new regional data centers.

This is TikTok’s second major GDPR fine, following a €345 million penalty in 2023 for mishandling children’s data. The latest ruling raises further concerns about data privacy and international data flows, especially between Europe and China.