Tech firms have only paid €20m of €4bn in fines levied by Data Protection Commission
It is the latest legal attempt by Big Tech to overturn penalties imposed by the Irish privacy regulator. Of the more than €4bn in fines levied on companies including Meta and Amazon, only €20m has been paid so far.
The other penalties are being challenged in the Irish courts. There is no date set for any of the hearings, as a decision is awaited from the European Court of Justice on a key legal point.
The latest legal challenge, in which TikTok is being represented by Mason Hayes & Curran, relates to a DPC decision earlier this month to penalise the social network over improper data transfers from Ireland and the EU to China.
“TikTok failed to verify, guarantee and demonstrate that the personal data of European Economic Area (EEA) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU,” DPC deputy commissioner Graham Doyle said at the time.
“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”
We believe the EU should welcome and support solutions like Project Clover
As well as the fine, TikTok was ordered to bring its processing into compliance within six months.
In a further “serious development”, the DPC noted that, throughout its inquiry, TikTok had said it did not store EEA user data on servers in China. However, in April it told the regulator that, two months earlier, it discovered that “limited” data had in fact been stored on Chinese servers.
“TikTok informed the DPC that this discovery meant it had provided inaccurate information to the inquiry,” the regulator pointed out. The DPC is currently engaging with other European data regulators on that issue.
After the DPC announced the fine, TikTok said it disagreed with the decision and planned to appeal it in full. Christine Grahn, its head of public policy and government relations in Europe, claimed the decision failed to fully consider Project Clover, its €12bn industry-leading data security initiative that includes some of the most stringent data protections anywhere.
“It instead focuses on a select period from years ago, prior to Clover’s 2023 implementation, and does not reflect the safeguards now in place,” she said.
“The DPC itself recorded in its report what TikTok has consistently said: it has never received a request for European user data from the Chinese authorities, and has never provided European user data to them.”
Ms Grahn said that with 175 million users in Europe, more than 6,000 employees, and a platform that has helped small businesses contribute €4.8bn to GDP and over 51,000 jobs, TikTok was deeply integrated into Europe’s economy.
TikTok also claimed the penalty delivered a blow to the EU’s competitiveness.
“At a time when European businesses and economies need innovation, growth and jobs, we believe the EU should welcome and support solutions like Project Clover, as a way to facilitate secure data flows between the EU and non-adequate countries, while guaranteeing the most robust protections for European data security and privacy.”
source