TikTok was imposed a penalty surcharge of 530 million euros (approximately 840 billion won) for transferring European Union (EU) user data to China.
On the 2nd (local time), the Irish Data Protection Commission (DPC) noted that it imposed a penalty surcharge on TikTok and issued a correction order within six months. The Irish DPC investigated whether TikTok's transfer of personal data of users in the European Economic Area (EEA) to China was lawful and whether it met the transparency requirements under the EU General Data Protection Regulation (GDPR).
The GDPR is a law that contains regulations related to the collection, storage, processing, and sharing of personal data within the EU. Corporations must ensure data protection under the GDPR in order to send EU user data offshore. The DPC determined that TikTok had not proven through precautionary measures or standard contractual clauses that the personal data of European users transferred to China would be protected at the same level as within the EU.
It was also seen as a violation of GDPR transparency provisions, as the third countries to which personal data was transferred in TikTok's privacy policy, which was initiated in 2021, were not specified, and no explanation regarding the nature of the transfer processing operations was included.
The DPC also stated that it was not mentioned that employees in China could remotely access personal data stored in Singapore and the United States.