DPC: Major Fine Issued Against TikTok

On May 2, 2025, the Irish Data Protection Commission (DPC) imposed a fine of €530 million on TikTok Technology Limited. The penalty followed an investigation which concluded that TikTok fails to ensure that the personal data of users from EU countries is protected to a level equivalent to the standards required under the GDPR.

The DPC found that TikTok’s transfers of European user data to China violated Article 46 GDPR, as the company could not sufficiently verify or demonstrate that standard contractual clauses and supplementary measures provided adequate protection. Moreover, its transparency obligations under Article 13 GDPR were not fulfilled—TikTok’s privacy notices did not explicitly name recipient countries like China nor explain the nature of the data processing.

Alongside the fine, the DPC ordered TikTok to bring its data processing into compliance within six months. Failure to do so will trigger a suspension of all data transfers to China. TikTok has announced its intention to appeal the decision.