TikTok has been fined €530 million (USD $600 million) by the European Union for unlawfully transferring European user data to China, violating the General Data Protection Regulation (GDPR). Ireland’s Data Protection Commission (DPC), the EU’s lead privacy regulator, found that TikTok failed to ensure adequate protection for user data accessed by staff in China and did not fully disclose these transfers to users.
The DPC’s investigation revealed that TikTok provided inaccurate information during the inquiry, initially denying that European user data was stored in China, only to admit in February 2025 that limited data had been stored there. TikTok has been given six months to comply with GDPR requirements or face suspension of data transfers to China.
In response to the fine, Project Liberty—a consortium led by billionaire Frank McCourt aiming to acquire TikTok’s U.S. operations—criticized the platform’s data practices. Tomicah Tillemann, President of Project Liberty, stated, “This isn’t just another fine—it’s another warning sign. People, not platforms, should own and control their personal data.”
Project Liberty is an initiative launched by Frank McCourt, a billionaire real estate developer and former owner of the Los Angeles Dodgers. It is focused on creating a more decentralized, user-controlled digital infrastructure. The initiative is part of a broader campaign to reform the internet and return data ownership to individuals.
In early 2024, McCourt publicly expressed interest in buying TikTok’s U.S. operations if it were forced to divest due to mounting regulatory pressure, particularly from U.S. lawmakers concerned about data privacy and national security risks stemming from TikTok’s Chinese parent company, ByteDance.
In 2025, Project Liberty reportedly renewed its push, citing the EU fine as further evidence that TikTok’s data practices are untrustworthy and reinforcing its argument that user data should be governed by democratic principles, not foreign corporate interests.
TikTok disputes the DPC’s findings and plans to appeal, asserting that it uses standard contractual clauses for data transfers and has implemented robust data security measures, including Project Clover—a €12 billion initiative to localize data storage in Europe and the U.S.
This is TikTok’s second major GDPR fine; in 2023, it was fined €345 million for mishandling children’s data. The latest penalty underscores growing regulatory scrutiny over data privacy and the need for platforms to prioritize user data protection.
