It is not the first time that Tiktok ends under the magnifying glass of the European authorities, but this time the sanction imposed on the social platform is definitely important: 530 million euros of fine overall for a series of violations of the General Data Protection Regulation (GDPR), with particular reference to illegal transfer of personal data of European users to China; Let’s see together the details of the story.

Tiktok fined for data management and access of the Chinese authorities

The sanction mentioned at the opening was imposed by the Irish commission for data protection (DPC) and represents, incidentally, the third highest fine ever imposed under the GDPR, immediately behind those inflicted in the past in Meta and Amazon.

The central element of the investigation concerns the failure to comply with the protections provided for the transfer of non -EU datain particular those to countries that do not guarantee a level of protection considered adequate.

We all know how Tiktok is based in China and precisely this aspect has returned overwhelmingly to the center of the European and international debate: access by the Chinese authorities to the personal data of European users, by virtue of the national security laws of the People’s Republic, is in fact considered an extremely sensitive point both by the EU institutions and those of the United States.

Looking at the numbers, Most of the sanction (i.e. 485 million euros) are linked to the transfers of improper data, to this figure are added 45 million euros attributable to the lack of clarity in the Privacy Policy Adopted by the platform, which would not have adequately informed users about the real destination and management of their personal data.

Depc Depc Graham Doyle commented:

The GDPR requires that the high level of guaranteed protection within the European Union continues even when personal data are transferred to other countries.

The transfers of personal data from Tiktok to China violated the GDPR because Tiktok was unable to verify, guarantee and demonstrate that the personal data of SEE users, to whom the staff in China accessed remotely, received a level of protection substantially equivalent to that guaranteed within the EU.

Due to the failure to carry out the necessary assessments, Tiktok did not deal with the question of the potential access by the Chinese authorities to the personal data of the See pursuant to Chinese anti -terrorism, counterintelligence and other, identified by TikTok as substantially divergent by the EU standards.

Tiktok, for his part, tried to run for cover, already in 2022 the platform had updated his privacy policy and promised huge investments for the creation of Data Center in the European Unionwith the declared goal of “locating” the management of data and reassuring the authorities; However, according to what was detected by the DPC, these measures were not enough to fill the gaps found.

One of the most delicate issues that emerged during the investigation concerns the nature of accessing the data by China, initially Tiktok had argued that the European data were accessible remotely, but not physically archived in China; position that was later reformulated since the company He admitted that a limited amount of European data had actually been saved on servers located in Chinese territory. The social platform then declared that it has already canceled this data, but the DPC has expressed strong doubts about the completeness and transparency of the intervention, highlighting a lack of structural conformity that could also recur in the future.

This story, in addition to directly involving Tiktok, is part of a wider picture that concerns digital sovereignty and the management of overseas data by the global big techs (with particular attention to those of Chinese origin); The case highlights a growing tension between Western democracies and Beijing, where data protection becomes one of the main joints of geopolitical comparison.

Furthermore, what we have just reported is not the first penalty for the platform, in fact the social network was fined for 367 million dollars last year for incorrect management of minors.

In any case, at present Tiktok has six months to fully adapt its practices regarding data transfers and information transparencyotherwise, new even more severe penalties could arrive. The company can obviously appeal, but it is clear that the pressure from the regulatory authorities is constantly growing and that the patience of Europe towards the ambiguity of the technological giants is quickly running away.