TikTok Technology Limited – €530,000,000 Fine (Ireland, 2025)

€530,000,000Data Protection Commission2 May 2025Ireland
appealed
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

TikTok was fined EUR 530 million by Ireland's Data Protection Commission for improperly transferring and storing user data from Europe on servers in China. This matters because it shows that companies must be transparent about where they store personal data and ensure it is protected according to EU standards.

What happened

TikTok unlawfully transferred and stored personal data of users in the EEA on Chinese servers.

Who was affected

Users in the European Economic Area (EEA) whose personal data was transferred to China.

What the authority found

The Data Protection Commission ruled that TikTok violated GDPR by failing to ensure adequate protection for personal data transferred outside the EU.

Why this matters

This case highlights the importance of data protection compliance for companies operating in Europe. Businesses should review their data transfer practices to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 13(1)(f) GDPR
Art. 46(1) GDPR
View original scraped data
Art. 13(1)(f) GDPR
Art. 46(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
verified correct
Ireland enforcementData Protection Commission actionsAll TikTok Technology Limited actions
Full Legal Summary
Detailed

The Irish DPA (DPC) has fined TikTok EUR 530 million. In its decision, the DPC found, that TikTok infringed Art. 13 (1) f) GDPR and Art. 46 (1) GDPR due to the unlawful transfer and storage of personal data from users in the EEA on Chinese servers. TikTok was unable to verify, guarantee and demonstrate that the supplementary measures and the Standard Contractual Clauses were effective to guarantee that the data afforded a level of protection, which is equivalent of the level of protection guaranteed in the EU. TikTok also failed to inform the data subjects, that their personal data is transferred to a third country. The fine consists of a fine of EUR 45 million for the failure to inform the data subjects and a fine of EUR 485 million for the infringement of Art. 46 (1) GDPR. The DPC also ordered TikTok to bring their processes into compliance with the GDPR within 6 months after the period allowed for an appeal against the DPCs final decision.

Related Enforcement Actions (0)

No other enforcement actions found for TikTok Technology Limited in IE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 May 2025

Authority

Data Protection Commission

Fine Amount

€530,000,000

Enforcement Tracker ID

ETid-2584

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. TikTok Technology Limited - Ireland (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: