The Digital Services Act and how it'll change TikTok in Europe. TikTok is once again in the regulatory spotlight after being fined €530 ...
 |
| The Digital Services Act and how it'll change TikTok in Europe. |
The DPC, acting as TikTok’s lead EU privacy regulator due to the company’s European headquarters in Dublin, found that the platform failed to implement adequate safeguards to protect data transfers outside the EU/EEA as required by the General Data Protection Regulation (GDPR). Investigators raised concerns that Chinese authorities could gain access to European user data under China’s national security laws.
According to the official statement, TikTok violated multiple GDPR articles, including those relating to transparency, data minimization, international data transfers, and the rights of data subjects. Notably, the investigation emphasized the vulnerability of teenage users and the lack of appropriate parental controls on the platform at the time.
TikTok has denied wrongdoing, stating that it complies with global privacy standards and utilizes Project Clover—a recent initiative aimed at enhancing data governance in Europe— to store European data in regional data centers. However, the DPC concluded that this infrastructure was either insufficiently implemented or ineffective during the time of the violations.
This is not TikTok’s first regulatory issue. In 2021, the DPC fined the company €345 million for failing to protect the privacy of minors. Furthermore, the platform has been under increasing scrutiny in the United States, where legislators have proposed legislation that could result in a nationwide ban unless TikTok is divested from its parent company, Beijing-based ByteDance.
In response to the fine, TikTok has said it will consider appealing the decision to the European Court of Justice. Meanwhile, privacy watchdogs across Europe and North America are using the ruling as a precedent to demand more accountability from tech giants operating across borders. Experts believe this case could serve as a landmark in shaping the future of international data flows.
The fine, one of the largest under GDPR to date, is part of a broader effort by the EU to assert its digital sovereignty and hold companies accountable for respecting the data rights of its citizens.
