Menu

Filter by
content
PONT Data&Privacy
  • PONT home
    • mill

    0

    AVG
    De AVG regelt de rechten en verplichtingen rond persoonsgegevens die op basis van een verwerkingsgrondslag uit de AVG worden verwerkt.

    Fine of 530 million euros for TikTok for transferring data to China

    Ireland's Data Protection Commission (DPC) is fining China's ByteDance 530 million euros. The parent company of TikTok sends personal data of European users to China while that data is not properly protected there. The investigation and fine have been coordinated with other European privacy regulators, including the Personal Data Authority (AP).

    Personal Data Authority May 8, 2025

    News/press release

    News/press release
    TikTok China
    AP Vice President Monique Verdier: "TikTok has a big responsibility: it manages data of more than a billion people worldwide. And in the Netherlands, too, millions of people are on TikTok, including many children. Children need to be safe online, and European privacy regulators are committed to ensuring that social media companies like TikTok take responsibility and abide by the law.'

    Chinese government

    ByteDance employees in China have access to European users' data. ByteDance cannot prove that the data of TikTok users in China is well protected. And that not, for example, the Chinese government has access to the data. That is a violation of the General Data Protection Regulation (AVG), and for that the DPC is fining 485 million euros. In addition, ByteDance does not clearly inform users that their personal data is going to China. For that, the DPC is fining 45 million euros.

    'TikTok knows a lot about you'

    Verdier: "If you're on TikTok, that platform knows a lot about you. If you're a kid who watches a lot of videos about dealing with depression or an eating disorder, that algorithm can conclude that you might not be feeling well. Also, TikTok can see who your friends are, what comments you leave on their videos and where you are: TikTok can track you. That sensitive information is something the company needs to protect properly. And TikTok doesn't.

    ByteDance employees in China can now still download the data of European users, for example for maintenance of the TikTok app. This must change, the Irish regulator says: ByteDance must ensure within six months that employees in China no longer have access to the data.

    Third AVG fine for TikTok

    The Irish regulator led this investigation, as TikTok's European headquarters is in Ireland. It is the third AVG fine for TikTok: in 2023, the DPC imposed a fine of 345 million euros for inadequately protecting children's privacy. The DPC then launched that investigation in part at the request of the AP. In 2021, before TikTok set up shop in Ireland, the AP imposed a fine on the company of 750,000 euros because TikTok did not properly inform children about the use of their data.

    ByteDance can appeal the fine.

    Share article

    Comments

    MORE REACTIONS

    Leave a comment

    You must be logged in to post a comment.

    NEWS

    Bits of Freedom lawsuit against Meta: the legal underpinnings

    News press release

    Personal data or anonymous data?

    Blog

    Data Privacy Framework remains standing (for now)

    Articles

    Does pseudonymizing data exempt my company from its obligations under the AVG?

    Blog

    It remains a challenge: what data qualifies as personal data under the General Data Protection Regulation (AVG)? Recently, the Central Netherlands District Court examined...

    AP: aid organizations trapped by Israeli duty to provide personal data

    News press release
    Personal Data Authority

    More room for small and medium businesses in the AVG, but without undermining fundamental privacy protections

    News press release

    AP supports European push to reduce regulatory burden, but not at the expense of citizens

    News press release

    EU threatens to undermine digital civil rights with simplification of AVG

    News

    Are you allowed to keep a VOG? This is what the AVG says about processing Statements of Good Conduct

    Blog
    Mike Tiernagan

    Effective Data Protection within the Public Sector

    Are you a Privacy Officer (PO) or Data Protection Officer (FG) within a public sector organization? Would you like to deepen your knowledge and learn how to implement privacy governance in a practical and effective way? The new two-day course Effective Data Protection within the Public Sector will help you do just that! 

    Learn more

    Privacy in the workplace

    View book

    Undermining and Processing of Personal Data.

    This course discusses the legal framework for data processing when dealing with undermining. It discusses how to determine which processing of personal data is and is not permitted and why. In particular, the sharing of personal data within and outside one's own organization will be discussed, as well as the requirements for processing personal data. After this course you will be fully aware of the main issues, recent experience and case law and you will be able to identify problems in this area in practice.

    Learn more

    Data sharing in public partnerships

    Some social problems are too big for public organizations to solve on their own. As a result, you see various public and private organizations forming partnerships to achieve a common goal, but what about that privacy technically? Will the new Data Processing by Partnerships Act possibly be a solution there? What is the expected impact on practice? And how do you deal with this issue right now?

    Learn more

    Data Processing and Privacy at Municipalities

    Learn more

    Join PONT | Data & Privacy

  • Access to Knowledge Base
  • Read e-books
  • Contact with peers
  • Own news overview
    • BECOME A MEMBER

    General

    Service

    Navigate

    Berghauser Pont Media Group

    CONTACT

    𝕏

    Copyright 2025 Berghauser Pont | Website created by Buro Zero