TikTok Technology Limited

Description

The Irish DPA (DPC) has fined TikTok EUR 530 million. In its decision, the DPC found, that TikTok infringed Art. 13 (1) f) GDPR and Art. 46 (1) GDPR due to the unlawful transfer and storage of personal data from users in the EEA on Chinese servers. TikTok was unable to verify, guarantee and demonstrate that the supplementary measures and the Standard Contractual Clauses were effective to guarantee that the data afforded a level of protection, which is equivalent of the level of protection guaranteed in the EU. TikTok also failed to inform the data subjects, that their personal data is transferred to a third country. The fine consists of a fine of EUR 45 million for the failure to inform the data subjects and a fine of EUR 485 million for the infringement of Art. 46 (1) GDPR. The DPC also ordered TikTok to bring their processes into compliance with the GDPR within 6 months after the period allowed for an appeal against the DPCs final decision.