The DPC announced the fine on Friday after finding that TikTok had violated the GDPR in respect of its transfers of EEA-based users’ personal data to China and by failing to be transparent about them.

However, TikTok has issued a statement saying that it disagrees with the decision and arguing that the DPC had failed to “fully consider” its investment in data security, including its €12 billion Project Clover initiative.

It also says it has been “singled out” for its use of standard contractual clauses (SCCs), despite this following “detailed assessments with advice from external law firms and experts”.

Christine Grahn, head of public policy and government relations at TikTok, said: “This ruling risks setting a precedent with far-reaching consequences for companies and entire industries across Europe that operate on a global scale. It delivers a blow to the European Union’s competitiveness. 

“Through Project Clover, a voluntary multi-billion-euro initiative, TikTok has implemented a comprehensive solution that offers unmatched protections for European user data and privacy, while safeguarding global data flows and supporting continued innovation.

“At a time when European businesses and economies need innovation, growth and jobs, we believe the EU should welcome and support solutions like Project Clover, as a way to facilitate secure data flows between the EU and non-adequate countries, while guaranteeing the most robust protections for European data security and privacy.”