The inquiry found TikTok unlawfully transferred personal data from European Economic Area (EEA) users to China and failed to meet transparency obligations under the EU’s General Data Protection Regulation (GDPR).
Based in Dublin, TikTok falls under the Irish DPC’s oversight in the EU. Regulators found that it failed to ensure that data accessed by staff in China met EU-level privacy protections. The DPC also found TikTok failed to properly assess the risks posed by Chinese laws, which differ significantly from EU privacy standards.
“The GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries,” said DPC Deputy Commissioner Graham Doyle in a press release.
“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” he continued.
TikTok has been given six months to bring its data processing up to standard. If it fails to do so, the company could face a suspension of all data transfers to China.
The company admitted last month that a limited amount of EEA user data had been stored on servers in China, contradicting earlier claims made during the inquiry. The company says the data has since been deleted, but the DPC is considering whether further enforcement action is warranted.
The ruling adds to growing international pressure on TikTok, which is facing potential bans or forced divestments in the US and restrictions on government devices in multiple countries due to concerns related to its Chinese ownership.
The DPC will publish the full decision and related documents in the coming weeks.
Keep up to date with the latest international telecoms news by subscribing to our newsletter
Also in the news:
Diversifying the UK’s data centre landscape: a path to economic growth
UK government’s data centre strategy drives discussion at Connected North
Data centres in the news this week
Author: Ernestro Casas -
A new European leadership structure and the integration of Smart Mobile Labs under the Boldyn
Cisco contributes to the latest edition of the Cyber Hard Problems report, highlighting 10 foundational
Opinion A virtual environment makes a great de-hype advisor
In human imagination,
Key Takeaways WhatsApp’s new AI message summary tool streamlines chat navigation by condensing unread messages…
Starting today, Amazon Elastic Compute Cloud (Amazon EC2) R8g instances are available in Asia Pacific
