Irish Privacy Watchdog Fines TikTok $600 Million For China Data Transfers (apnews.com) 13
An anonymous reader quotes a report from the Associated Press: A European Union privacy watchdog fined TikTok 530 million euros ($600 million) on Friday after a four-year investigation found that the video sharing app's data transfers to China put users at risk of spying, in breach of strict EU data privacy rules. Ireland's Data Protection Commission also sanctioned TikTok for not being transparent with users about where their personal data was being sent and ordered the company to comply with the rules within six months.
The Irish national watchdog serves as TikTok's lead data privacy regulator in the 27-nation EU because the company's European headquarters is based in Dublin. "TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Deputy Commissioner Graham Doyle said in a statement. The Irish watchdog said its investigation found that TikTok failed to address "potential access by Chinese authorities" to European users' personal data under Chinese laws on anti-terrorism, counterespionage, cybersecurity and national intelligence that were identified as "materially diverging" from EU standards. Grahn said TikTok has "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."
[...] The investigation, which opened in September 2021, also found that TikTok's privacy policy at the time did not name third countries, including China, where user data was transferred. The watchdog said the policy, which has since been updated, failed to explain that data processing involved "remote access to personal data stored in Singapore and the United States by personnel based in China." TikTok faces further scrutiny from the Irish regulator, which said that the company had provided inaccurate information throughout the inquiry by saying that it didn't store European user data on Chinese servers. It wasn't until April that it informed the regulator that it discovered in February that some data had in fact been stored on Chinese servers. TikTok disagrees with the decision and plans to appeal. The company said the decision focuses on a "select period" ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centers in Europe.
"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm," said Christine Grahn, TikTok's European head of public policy and government relations. "The decision fails to fully consider these considerable data security measures."
The Irish national watchdog serves as TikTok's lead data privacy regulator in the 27-nation EU because the company's European headquarters is based in Dublin. "TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," Deputy Commissioner Graham Doyle said in a statement. The Irish watchdog said its investigation found that TikTok failed to address "potential access by Chinese authorities" to European users' personal data under Chinese laws on anti-terrorism, counterespionage, cybersecurity and national intelligence that were identified as "materially diverging" from EU standards. Grahn said TikTok has "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."
[...] The investigation, which opened in September 2021, also found that TikTok's privacy policy at the time did not name third countries, including China, where user data was transferred. The watchdog said the policy, which has since been updated, failed to explain that data processing involved "remote access to personal data stored in Singapore and the United States by personnel based in China." TikTok faces further scrutiny from the Irish regulator, which said that the company had provided inaccurate information throughout the inquiry by saying that it didn't store European user data on Chinese servers. It wasn't until April that it informed the regulator that it discovered in February that some data had in fact been stored on Chinese servers. TikTok disagrees with the decision and plans to appeal. The company said the decision focuses on a "select period" ending in May 2023, before it embarked on a data localization project called Project Clover that involved building three data centers in Europe.
"The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm," said Christine Grahn, TikTok's European head of public policy and government relations. "The decision fails to fully consider these considerable data security measures."
Communists (Score:1)
Stealing user data. Oh my, say it isn't so. Capitalists doing the same thing!? Holy crap, the world is in chaos ... cats living with dogs. The horror! All of these anti-"social media" companies do this. Your best move ... keep off of them.
Re: (Score:2)
Thanks, edgelord, for that insightful and edgy comment. However, these are serious national security issue when it comes to TikTok in particular.
However, I do agree that the best move is to not use social-media platforms.
Re: (Score:3)
If they're breaking the law they can pay the app
Re: (Score:2)
I don't use TikTok and have a limited understanding of it, but what grave national security risk does it pose if China is violating EU privacy laws almost certainly for the express purposes of being able to sell targeted advertising?
I believe the concern stems from the idea (either real or imaginary) that the data TikTok collects would be used by the CCP to create profiles on individual users that could be used to create targeted advertising... where the advertising was for a particular political candidate that is favorable to the CCP. I'm not saying this is happening, it's just my understanding that this is the fear which underpins the "tiktok dangerous" argument.
Re: Communists (Score:2)
Add to it that traccking can link family members and if a parent works in a sensitive position it can be easier to coerce and subvert them.
Re: (Score:2)
what grave national security risk does it pose if China is violating EU privacy laws almost certainly for the express purposes of being able to sell targeted advertising?
According to who? Being a China-based company, they are legally required to follow the directives of the Chinese government which means the CCP, regardless of the legality of their actions in other nations, even if they are in those nations.
Bytedance (the owner of TikTok) claims they are just a small part of the company that makes little profit but they also refuse to divest ownership despite having several multi-billion dollar offers. If you're not making much money from part of your company then why would
Re: Communists (Score:3, Insightful)
Re: Communists (Score:2)
Weasle words (Score:5, Informative)
Grahn said TikTok has "has never received a request for European user data from the Chinese authorities, and has never provided European user data to them."
Note Grahn is not saying data was not transfer to China. There is this deliberate misconception that the Chinese government requests data from Chinese companies and the Chinese companies provide the data. What really happens is the Chinese government demands backdoor access to companies' data and takes that data whenever they desire.
So Grahn is not lying, he is simply misleading people. Go back and look for any statement from any company accused of sharing data with China. The words always used is they "did not provide data", but nothing about if the Chinese government can simply take the data.
Indeed, nicely expressed (Score:2)
What I was going to say! And already moded up. There's hope that Slashdot reader won't succumb to the 'Chinese government is a peaceloving benign caring group of people'.