Latest news with #ProjectClover
Irish Independent
3 days ago
- Business
- Irish Independent
TikTok appeals DPC's €530m fine for improper data transfer, and takes Commission to the High Court
It is the latest legal attempt by Big Tech to overturn penalties imposed by the Irish privacy regulator. Of the more than €4bn in fines levied on companies including Meta and Amazon, only €20m has been paid so far. The other penalties are being challenged in the Irish courts. There is no date set for any of the hearings, as a decision is awaited from the European Court of Justice on a key legal point. The latest legal challenge, in which TikTok is being represented by Mason Hayes & Curran, relates to a DPC decision earlier this month to penalise the social network over improper data transfers from Ireland and the EU to China. 'TikTok failed to verify, guarantee and demonstrate that the personal data of European Economic Area (EEA) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,' DPC deputy commissioner Graham Doyle said at the time. 'As a result of TikTok's failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.' We believe the EU should welcome and support solutions like Project Clover As well as the fine, TikTok was ordered to bring its processing into compliance within six months. In a further 'serious development', the DPC noted that, throughout its inquiry, TikTok had said it did not store EEA user data on servers in China. However, in April it told the regulator that, two months earlier, it discovered that 'limited' data had in fact been stored on Chinese servers. 'TikTok informed the DPC that this discovery meant it had provided inaccurate information to the inquiry,' the regulator pointed out. The DPC is currently engaging with other European data regulators on that issue. After the DPC announced the fine, TikTok said it disagreed with the decision and planned to appeal it in full. Christine Grahn, its head of public policy and government relations in Europe, claimed the decision failed to fully consider Project Clover, its €12bn industry-leading data security initiative that includes some of the most stringent data protections anywhere. 'It instead focuses on a select period from years ago, prior to Clover's 2023 implementation, and does not reflect the safeguards now in place,' she said. ADVERTISEMENT 'The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.' Ms Grahn said that with 175 million users in Europe, more than 6,000 employees, and a platform that has helped small businesses contribute €4.8bn to GDP and over 51,000 jobs, TikTok was deeply integrated into Europe's economy. TikTok also claimed the penalty delivered a blow to the EU's competitiveness. 'At a time when European businesses and economies need innovation, growth and jobs, we believe the EU should welcome and support solutions like Project Clover, as a way to facilitate secure data flows between the EU and non-adequate countries, while guaranteeing the most robust protections for European data security and privacy.'
Yahoo
06-05-2025
- Business
- Yahoo
TikTok Hit With Big Fine in Europe for Chinese Data Transfers
This story was originally published on Social Media Today. To receive daily news and insights, subscribe to our free daily Social Media Today newsletter. As it continues to work on a deal to keep the app in the U.S., TikTok's links with the Chinese government are also causing impacts elsewhere, with the platform facing a huge new fine in Europe due to violations of the GDPR. As announced by the Irish Data Protection Commission (DPC), TikTok has been fined €530 million ($US341 million) for infringements of GDPR regulations relating to the transfer of European user data to China, while it will also be required to revise its processes within the next 6 months. As noted, the fine is a result of an investigation into the TikTok's transfers of user data to China, which is not an authorised region under the GDPR regulations, in regards to data safety. As explained by the DPC: 'Under the GDPR where an organization intends to transfer personal data outside the EU/ EEA to a third country, and where no Adequacy Decision exists between the EU and that third country, such transfers can only occur if other applicable provisions of the GDPR are met, such as Standard Contractual Clauses. These provisions place the responsibility on the organization to verify, guarantee and demonstrate that the law and practices of that country guarantees a level of protection essentially equivalent to that guaranteed within EU.' Because Chinese regulations don't align with these requirements, TikTok will now have to pay a hefty fine, and reassess its systems in line with GDPR requirements. Though TikTok says that it's already done so. In response to the announcement, TikTok says that the finding fails to take into account the additional measures it's now implemented to address the DPC's concerns: 'The decision primarily focuses on a select period from years ago, before the 2023 implementation of Project Clover, our €12 billion data security initiative. The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.' TikTok says that Project Clover, for which it's created several new EU data centers (in Norway and Ireland), and implemented processes to ensure that no EU user data is sent to China, addresses all of the DPC's complaints, and as such, it should not be subjected to this fine. 'The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm. The decision fails to fully consider these considerable data security measures.' TikTok further notes that it now has 175 million users across Europe, and more than 6,000 employees in the region, while it's also helped small businesses contribute €4.8 billion to GDP, and over 51,000 jobs. 'This decision has implications not just for TikTok, but for any company in Europe operating globally. We disagree with this decision and intend to appeal it in full.' Yeah, I'm not sure that this approach, which is similar to what TikTok has undertaken in the U.S., is going to resonate with EU officials. The argument that TikTok is already implementing measures to address such is relevant, but TikTok has continually tried to put political pressure on regional regulators, by essentially blackmailing them with veiled threats based on the impact that the company has on the local economy. U.S. senators were unmoved by these observations, and I expect EU overseers will view such the same way, as it's a pretty blatant effort to pressure them into easing back on the platform due to its broader economic benefits. It's essentially a bullying tactic, which side-steps the actual regulatory ruling itself. And again, TikTok should challenge the ruling by laying out the efforts that it's made with Project Clover, but it should probably also consider leaving out the impact statement. I doubt that's going to change the ruling either, but it may ensure that TikTok avoids further penalties in the region. Either way, it's another headache for the app, which now needs to factor in the loss of $341 million, on top of a possible full ban in the U.S., due to the escalating U.S./China trade war. Recommended Reading TikTok Announces Full Merger of US User Data to US-Based Systems, Amid New Reports of Chinese Access Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Irish Post
04-05-2025
- Business
- Irish Post
Irish data protection watchdog fines TikTok €530m for transferring users' data to China
SOCIAL MEDIA platform TikTok has been fined €530m by the Irish Data Protection Commission (DPC) for transferring European users' data to China. The DPC has also ordered the Chinese company to bring its processing into compliance within six months. The decision includes an order suspending TikTok's transfers to China if processing is not brought into compliance within that time. In a statement, TikTok said it disagreed with the decision and plans to appeal in full. 'Potential access by Chinese authorities' The DPC said that throughout the inquiry, TikTok said it did not store European users' data on servers located in China. However, in April 2025, TikTok informed the commission of an issue that it had discovered in February 2025 where limited data from European users had been stored on servers in China. The commission found that TikTok infringed the GDPR regarding its transfers of European users' data to China and its transparency requirements. "The GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries," said DPC Deputy Commissioner Graham Doyle. "TikTok's personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU. "As a result of TikTok's failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards." Mr Doyle added: "Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities." 'Considerable data security' In its response, TikTok criticised the scope of the inquiry and said that despite the issue, no data had been shared with Chinese authorities. "The decision primarily focuses on a select period from years ago, before the 2023 implementation of Project Clover, our €12bn data security initiative," said Christine Grahn, TikTok's Head of Public Policy & Government Relations in Europe. "The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them. "The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm. "The decision fails to fully consider these considerable data security measures. "With 175m users across Europe, more than 6,000 employees in the region, and a platform that helped small businesses contribute €4.8bn to GDP and over 51,000 jobs, TikTok is deeply integrated into the European economy. "This decision has implications not just for TikTok, but for any company in Europe operating globally. We disagree with this decision and intend to appeal it in full." Earlier this year, TikTok informed the Irish Government of its plan to make redundancies in Ireland as part of a global restructuring. The Communications Workers' Union said the company was shedding up to 300 employees, roughly 10 per cent of its Irish workforce. Last September, TikTok reportedly scraped a plan for a second office close to its Sorting Office site in Dublin 2. See More: Data Protection Commission, GDPR, Tiktok
Business Mayor
04-05-2025
- Business
- Business Mayor
Ireland fines TikTok 530 million euros for sending EU user data to China
Global Economy May 2, 2025 The TikTok logo is seen outside the Chinese video app company's Los Angeles offices on April 4, 2025 in Culver City, California. Robyn Beck | AFP via Getty Images TikTok has been fined 530 million euros ($601.3 million) by Ireland's privacy regulator for sending user data to China. The Irish Data Protection Commission (DPC) — which leads on privacy oversight for TikTok in the EU — said Friday that TikTok infringed the bloc's GDPR data protection law over transfers of European user data to China. The regulator ordered TikTok to bring its data processing into compliance within six months and said it would suspend TikTok's transfers to China if processing is not brought into compliance within that timeframe. 'TikTok's personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,' Graham Doyle, deputy commissioner at the DPC, said in a statement Friday. 'As a result of TikTok's failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards,' he added. The DPC said it also found TikTok had provided inaccurate information to its inquiry when it claimed it hadn't stored European users' data on servers located in China. TikTok informed the regulator this month that it discovered an issue in February where limited European user data had been stored on servers in China, contrary to its prior statements. The DPC takes the issue 'very seriously' and is considering what further regulatory action may be warranted in consultation with its fellow EU data protection authorities, Doyle said. TikTok said it disagrees with the Irish regulator's decision and plans to appeal in full. In a blog post Friday, Christine Grahn, TikTok's head of public policy and government relations for Europe, said the decision failed to take into account Project Clover, a 12-billion-euro data security initiative aimed at protecting European user data. 'It instead focuses on a select period from years ago, prior to Clover's 2023 implementation and does not reflect the safeguards now in place,' Grahn said. 'The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them,' she added. TikTok has previously acknowledged that staff in China can access user data. In 2022, it said in an update to its privacy policy that employees in countries where it operates — including China, Brazil, Canada and Israel — are permitted access to users' data to ensure their experience is 'consistent, enjoyable and safe.' Western policymakers and regulators are concerned TikTok's transfers of user data could lead to Beijing accessing the data to spy on users with the app. Under Chinese law, tech companies are required to hand over user data to the Chinese government if requested to assist with vaguely-defined 'intelligence work.' For its part, TikTok has insisted that it has never sent user data to the Chinese government. In 2023, TikTok boss Shou Zi Chew said in written testimony for a U.S. Congress hearing that the app 'has never shared, or received a request to share, U.S. user data with the Chinese government.' READ SOURCE
Business Insider
02-05-2025
- Business
- Business Insider
TikTok fined $600 million over data transfers to China
European regulators have fined TikTok $600 million after concluding that the social media giant unlawfully transferred users' personal data from the EU to China and failed to meet key transparency obligations under European data privacy laws. Ireland's Data Protection Commission, which acts as the lead EU watchdog for many global tech firms headquartered in Dublin, led the investigation. It said TikTok failed to ensure that data accessed by employees in China was protected at a level "essentially equivalent" to EU standards, as required under the General Data Protection Regulation (GDPR). Regulators also said the company misled users by failing to name China as a data destination and not disclosing the extent of remote access from countries like China, breaching GDPR's transparency rules. "As a result of TikTok's failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage, and other laws identified by TikTok as materially diverging from EU standards," Deputy Commissioner Graham Doyle said. The $600 million penalty includes about $550 million for unlawful data transfers and about $50 million for transparency violations. The penalty is the third-largest ever under the GDPR and part of a growing European scrutiny targeting Big Tech's data practices. TikTok may face a suspension of data transfers to China if it doesn't comply within six months. Last month, TikTok acknowledged that limited European user data had been stored on servers in China, contrary to previous claims, and that it has since been deleted. However, in a statement on Friday, the social media giant said it disagreed with the decision and plans to appeal. Christine Grahn, TikTok's head of public policy and government relations, said the ruling overlooks significant reforms introduced under its "Project Clover" data security initiative. She added that TikTok has never received or complied with a request for European user data from Chinese authorities. This isn't TikTok's first major penalty. In 2023, Ireland's Data Protection Commission fined it $368 million for failing to protect children's data. That same year, Meta was fined $1.3 billion over concerns that Facebook data transferred to the US could be used to spy on European citizens in violation of the EU's privacy laws.
