Tiktok is facing major heat from European regulators after a four-year investigation uncovered serious data privacy violations that exposed users to potential surveillance risks. The popular video-sharing platform has been hit with a staggering €530 million ($600 million) fine for failing to safeguard user data and for its lack of transparency about cross-border data access.
The ruling, delivered by Ireland’s Data Protection Commission (DPC)—TikTok’s lead privacy regulator in the European Union—found that the company allowed remote access to the personal data of EU users without ensuring adequate protection measures were in place. This is a direct violation of the EU’s General Data Protection Regulation (GDPR), which requires that any data transferred outside the bloc must maintain the same high level of privacy and protection.
In a statement, Deputy Commissioner Graham Doyle said TikTok “failed to verify, guarantee and demonstrate” that users' personal data accessed remotely was properly protected. The investigation also revealed that TikTok’s privacy policies were misleading, failing to clearly inform users about where their data was being transferred or who had access to it.
More troubling, the DPC found that TikTok had given inaccurate information throughout the course of the inquiry.
Despite previously claiming that no European user data was stored outside the region, the company only recently admitted it had found some data stored on unauthorized foreign servers as recently as February.
The regulator has now ordered TikTok to bring its data processing practices in line with GDPR within six months—or face further regulatory action. Doyle confirmed that the watchdog is considering “what further action may be warranted” due to these late disclosures and the severity of the privacy breaches.
TikTok has said it plans to appeal the decision, arguing that it has since implemented a data localization initiative and introduced new safeguards. However, regulators remain unconvinced, especially in light of the platform's lack of transparency and previous infractions—this is not TikTok’s first major fine in Europe for data violations.
As digital privacy becomes an increasingly urgent global issue, this case underscores the importance of strict enforcement—and the steep consequences—for companies that fail to uphold their responsibility to protect user data.