Ireland

TikTok Technology Limited

530,000,000 €

GDPR enforcement action by Data Protection Authority of Ireland on 2025-05-02.

Rank · Sector

of 366 in Media, Telecoms and Broadcasting

Rank · Ireland

of 36

Rank · All fines

of 3,039

Case details

Authority: Data Protection Authority of Ireland
Date: 2025-05-02
Controller / Processor: TikTok Technology Limited
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 13 (1) f) GDPR, Art. 46 (1) GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Irish DPA (DPC) has fined TikTok EUR 530 million. In its decision, the DPC found, that TikTok infringed Art. 13 (1) f) GDPR and Art. 46 (1) GDPR due to the unlawful transfer and storage of personal data from users in the EEA on Chinese servers. TikTok was unable to verify, guarantee and demonstrate that the supplementary measures and the Standard Contractual Clauses were effective to guarantee that the data afforded a level of protection, which is equivalent of the level of protection guaranteed in the EU. TikTok also failed to inform the data subjects, that their personal data is transferred to a third country. The fine consists of a fine of EUR 45 million for the failure to inform the data subjects and a fine of EUR 485 million for the infringement of Art. 46 (1) GDPR. The DPC also ordered TikTok to bring their processes into compliance with the GDPR within 6 months after the period allowed for an appeal against the DPCs final decision.

Open original source Links to the regulator's original publication or another source.