In a major regulatory action, TikTok has been fined €530 million ($600 million) by Ireland’s Data Protection Commissioner (DPC) — the lead privacy watchdog for the EU — for violating data protection laws, particularly regarding how it handles data transfers to China.

The fine follows an investigation into TikTok’s compliance with the General Data Protection Regulation (GDPR). The DPC concluded that TikTok, owned by Chinese tech giant ByteDance, failed to demonstrate sufficient safeguards for personal data of EU-based users, especially where this data was remotely accessed by staff in China.

Along with the financial penalty, the DPC issued a clear ultimatum: TikTok must suspend data transfers to China within six months unless it can bring its processing into full compliance with EU privacy standards.

This ruling highlights growing EU concerns over foreign access to citizens’ data, particularly by companies based in non-democratic countries. The move aligns with wider regulatory efforts across Europe to ensure that data exported beyond EU borders remains protected to GDPR standards.

TikTok responded by saying it is reviewing the decision and will consider all available options, including a possible legal challenge. The company has previously stated it is working to localize user data storage in Europe to address concerns.

The €530 million fine adds to the mounting scrutiny TikTok faces across Western markets, where lawmakers and regulators have questioned the app’s handling of personal information and potential influence by the Chinese government.

As the clock ticks on the six-month deadline, TikTok’s next steps could shape the future of cross-border data transfers for global tech firms operating in the EU.