TikTok has been penalized €530 million (£452 million) by the Irish regulator for failing to ensure that European user data transmitted to China would be safeguarded from access by the Chinese government.
The Irish Data Protection Commission (DPC) oversees TikTok’s operations across the European Economic Area (EEA), which includes all 27 EU member states along with Iceland, Liechtenstein, and Norway.
It was determined that the Chinese-owned video-sharing platform breached the General Data Protection Regulation (GDPR) by not adequately addressing whether EEA user data sent to China is shielded from the authorities there.
The DPC remarked: “TikTok did not consider the potential access by Chinese authorities to EEA personal data. China’s national security and anti-terrorism laws have been noted as diverging from EU standards by TikTok.”
According to the DPC, TikTok did not “verify, assure, or demonstrate” that the European user data sent to China was afforded a level of protection comparable to that guaranteed within the EU.
TikTok stated that it would not “certify” that the DPC transfers European user data to Chinese authorities. The company claimed it has never received such a request from Chinese officials nor provided user data to them.
Moreover, TikTok has been directed to cease data transfers to China unless compliant processing measures are implemented within six months.
For instance, the National Intelligence Act of 2017 in China mandates that all organizations and citizens “support, assist, and cooperate” with national intelligence efforts.
The DPC noted that the data was “remotely accessed by TikTok’s Chinese staff.”
The watchdog also reported that TikTok provided “false information” during the investigation, initially claiming it had not stored user data from the EEA, but later acknowledging the possibility of storing “limited” European user data in China.
The Dublin-based regulator expressed that it takes “inaccurate” submissions very seriously and is evaluating whether additional regulatory actions are necessary.
After the newsletter promotion
The security of TikTok user data has been a longstanding concern among politicians regarding its Chinese ownership. The app still faces the threat of a ban in the US, with legislators on both sides of the Atlantic cautioning that the Chinese state may have access to user data. TikTok is managed by an organization based in Beijing.
In response to the ruling, TikTok announced its intent to appeal and mentioned that safeguards have been put in place under the Project Clover Data Security Scheme, introduced in March 2023. The DPC investigation covered the period from September 2021 to May 2023.
The DPC’s decision also included a finding from 2021 that a privacy statement provided to users did not disclose that data could be accessed in China when personal user data was transferred to a third country. The Privacy Policy was subsequently revised in 2022 to clarify that data is accessible in China.
Following the changes in 2022, TikTok acknowledged that it could access European user data in countries like China to perform checks on platform functionalities, including the effectiveness of algorithms that recommend content to users and identify problematic automated accounts.
Source: www.theguardian.com
Discover more from Mondo News
Subscribe to get the latest posts sent to your email.