Yazılar

TikTok Can Keep EU-China Data Transfers During Appeal

/in /tarafından

TikTok will be allowed to continue transferring user data from the European Union to China while it appeals a major Irish privacy ruling, after Ireland’s Supreme Court confirmed a temporary suspension of the transfer ban.

The case stems from a 530 million euro fine imposed in May by Ireland’s Data Protection Commission, TikTok’s lead privacy regulator in the EU. Regulators argued TikTok failed to guarantee that EU user data remotely accessed by staff in China received privacy protections equivalent to European standards. The order required TikTok to suspend those transfers unless compliance issues were resolved within six months.

However, Ireland’s High Court previously paused enforcement of the transfer ban, ruling that immediate suspension could cause severe and difficult-to-measure business damage to TikTok, while consumer risk during the appeal period appeared limited. The Supreme Court has now upheld that temporary pause until the High Court delivers its final judgment.

TikTok maintains it has never provided European user data to Chinese authorities and says regulators did not fully account for security systems introduced in 2023, including independent oversight of remote data access.

The ruling is significant because it temporarily preserves TikTok’s operational flexibility in Europe while broader questions remain over cross-border data governance, Chinese access concerns, and GDPR-level privacy protections.

The final outcome of the appeal could shape not only TikTok’s future in Europe but also wider standards for how global technology firms manage international data flows under EU privacy law.

EU Court Adviser Supports WhatsApp in Privacy Fine Dispute

/in /tarafından

An adviser to Europe’s top court has backed WhatsApp in its appeal against the EU privacy watchdog’s decision to increase its fine for data privacy violations. The case stems from a 2021 ruling in which Ireland’s data protection authority fined WhatsApp 225 million euros ($242.2 million). The European Data Protection Board (EDPB) intervened at the time, compelling Ireland to raise the penalty.

WhatsApp had challenged the EDPB’s authority to impose such a directive, but a lower tribunal ruled in 2022 that the company lacked standing to sue the regulator directly. Advocate General Tamara Capeta of the Court of Justice of the European Union (CJEU) has now disagreed with that assessment, stating that WhatsApp’s challenge is valid and should be reconsidered. The CJEU is expected to issue its final ruling in the coming months.

EU Privacy Regulator Fines Meta 251 Million Euros for 2018 Data Breach

/in /tarafından

Meta has been fined 251 million euros ($263.5 million) by the Data Protection Commission (DPC), the lead European Union data privacy regulator, for a 2018 security breach that exposed the personal data of 29 million users on Facebook.

Details of the Breach

The breach occurred after cyber attackers exploited a vulnerability in Facebook’s “View As” feature, which allowed users to see how their profile appeared to others. This vulnerability led to the exposure of sensitive personal data, including users’ full names, contact details, location, place of work, date of birth, religion, gender, and in some cases, children’s personal information.

According to Graham Doyle, Deputy Commissioner at the DPC, the breach posed a significant risk for the misuse of this data. Although the breach affected 29 million accounts globally, 3 million of those were in the EU and the European Economic Area (EEA).

Meta’s Response and Penalty

Meta addressed the issue shortly after the breach was discovered and took action to remedy the vulnerability. Despite this, the DPC imposed a fine under the EU’s General Data Protection Regulation (GDPR), which has led to significant penalties for Meta in recent years. To date, Meta has been fined almost 3 billion euros for breaches under GDPR, including a record 1.2 billion euros fine in 2023 related to data privacy violations, which Meta is currently appealing.

Meta’s Appeal

Meta has announced its intention to appeal the fine and reiterated its commitment to protecting users’ privacy. A company spokesperson stated, “We took immediate action to fix the problem as soon as it was identified, and we proactively informed people impacted as well as the Irish Data Protection Commission.”

Broader Context

The DPC oversees the majority of large U.S. internet companies operating in the EU, as these firms have their European operations based in Ireland. This fine marks another chapter in the EU’s ongoing efforts to enforce data protection regulations under the GDPR, which was introduced in 2018 to strengthen privacy rights across the region.