Following an earlier €345 million fine over children's data, Ireland's regulator penalised TikTok €530 million for failing to guarantee that European users' data sent to China received protection essentially equivalent to the EU's.
The decision underlines that transfer rules apply to every destination outside the EEA — not just the United States — and that access by authorities in the destination country is squarely within scope.
It also continues a run of enforcement focused on minors and on the largest consumer platforms, where the volume and sensitivity of data magnify the risk.
For any business with a global supply chain, the message is to map where data actually flows — including support, analytics and engineering access from outside the EEA.
The information contained within this resource does in no way constitute legal advice. Any person who intends to rely upon or use this information is solely responsible for independently verifying it and obtaining independent expert advice if required.
Need to act on this?
We advise on GDPR compliance, transfers, AI and breach response.