The inquiry found TikTok unlawfully transferred personal data from European Economic Area (EEA) users to China and failed to meet transparency obligations under the EU’s General Data Protection Regulation (GDPR).
Based in Dublin, TikTok falls under the Irish DPC’s oversight in the EU. Regulators found that it failed to ensure that data accessed by staff in China met EU-level privacy protections. The DPC also found TikTok failed to properly assess the risks posed by Chinese laws, which differ significantly from EU privacy standards.
“The GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries,” said DPC Deputy Commissioner Graham Doyle in a press release.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” he continued.
TikTok has been given six months to bring its data processing up to standard. If it fails to do so, the company could face a suspension of all data transfers to China.
The company admitted last month that a limited amount of EEA user data had been stored on servers in China, contradicting earlier claims made during the inquiry. The company says the data has since been deleted, but the DPC is considering whether further enforcement action is warranted.
The ruling adds to growing international pressure on TikTok, which is facing potential bans or forced divestments in the US and restrictions on government devices in multiple countries due to concerns related to its Chinese ownership.
The DPC will publish the full decision and related documents in the coming weeks.
Keep up to date with the latest international telecoms news by subscribing to our newsletter
Also in the news:
Diversifying the UK’s data centre landscape: a path to economic growth
UK government’s data centre strategy drives discussion at Connected North
Data centres in the news this week
Equinix plans to invest £3.9 billion in the project, which will deliver 250+MW of compute
Key takeaways What Is Imagine Lens—and Why It Matters Snapchat’s Imagine Lens lets us create…
Packages downloaded from NPM can fetch dependancies from untrusted sites.
Exclusive Edge, Atlas, Brave among those affected
A critical, currently unpatched bug
The announcement brings Amazon’s total pledged investment in South Korea to $9 billion over the
