TikTok, which is also in the crosshairs of the United States, said it planned to appeal the fine from Brussels. It insisted it had "never received a request" from Chinese authorities for European users' data.

The Chinese-owned social media giant did acknowledge during the probe that it had hosted European data in China, contrary to a previous denial, said Ireland's data protection watchdog.

This fine, the second largest ever imposed by the EU, followed an investigation into the lawfulness of data transfers by TikTok.

In 2023 Ireland's Data Protection Commission (DPC) fined TikTok -- which has 1.5 billion users worldwide -- 345 million euros for breaches of European rules on processing child data.

TikTok is a division of Chinese tech giant ByteDance. But since it has its European headquarters in Ireland, the Irish authority is the lead regulator in Europe for the social platform -- as well as others such as Google, Meta and X.

"TikTok failed to verify, guarantee and demonstrate that the personal data of (European) users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU," said DPC deputy commissioner Graham Doyle.  

"TikTok did not address potential access by Chinese authorities to (Europeans') personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards," Doyle said in a statement.

In response to the ruling, Christine Grahn of TikTok Europe said: "(TikTok) has never provided European user data to them."

She added: "We disagree with this decision and intend to appeal it in full."

The social media giant has been in the crosshairs of Western governments for years over fears personal data could be used by China for espionage or propaganda purposes.

- US pressure -

TikTok also infringed requirements within the EU's General Data Protection Regulation (GDPR) by transferring user data to China, said the DPC's statement.

Friday's decision "includes administrative fines totalling 530 million euros and an order requiring TikTok to bring its processing into compliance within six months," it said.

The authority said 45 million euros of the fine had been imposed because of a lack of transparency between 2020 and 2022. During that period, the platform had not indicated to users to which countries the data was transferred or that it could be accessed from China.

The ruling also includes an order suspending TikTok's transfers to China if the firm does not meet the six-month deadline, said the DPC.

The fine is expected to increase pressure on the social network in the United States.

The US Congress passed a law in 2024 requiring ByteDance to divest control of TikTok in the United States or be banned from the country.

President Donald Trump has postponed twice, the deadline set for the sale of the social network, which has 170 million American users. That latest deadline is set to expire on June 19.

- Multiple bans -

Aside from the data issue, TikTok is also accused of confining its users to silos through an opaque and powerful recommendation algorithm, fostering the spread of misinformation and illegal, violent, or obscene content. 

Several countries have banned the platform for varying periods, including Pakistan, Nepal, and France in the territory of New Caledonia.

For years, TikTok promoted its data protection policies. It made much of what it called Project Clover, a plan to invest 12 billion euros in European data security over 10 years, from 2023 onwards.

It claimed that Europeans' data was by default stored in Norway, Ireland, and the United States and "that employees in China have no access to restricted data," such as phone numbers or IP addresses.

But the DPC, which opened its investigation in 2021, said Friday that TikTok had informed it in April that European data had been stored, then deleted, in China -- contrary to what it had previously claimed.

TikTok told AFP on Friday that Project Clover had uncovered "a technical issue" and had "promptly" informed the DPC, underscoring TikTok's "transparency".

It added: "There is no evidence that any of the data was transferred outside of our organisation, viewed by authorities or otherwise disclosed or accessed in an unauthorised manner," said the spokesperson.

zap/pmu/jj