*

Probe found TikTok failed to show data properly protected

*

Transfers to China to be suspended if action not taken

*

TikTok to appeal ruling, says it followed EU rules

DUBLIN, May 2 (Reuters) - TikTok was fined 530 million

euros ($600 million) by its lead EU privacy regulator on Friday

over concerns on how it protects user information and was

ordered to suspend data transfers to China if its processing is

not brought into compliance within six months.

Ireland's Data Protection Commissioner (DPC) said TikTok,

owned by China's ByteDance, failed to show that EU users'

personal data, some of which is remotely accessed by staff in

China, was afforded the high level of protection provided for

under EU law.

As a result, the short-video platform did not address

potential access by Chinese authorities to the data under

counter-espionage and other laws identified by TikTok as

materially diverging from EU standards, the DPC said in a

statement.

TikTok said it strongly contested the finding and that it

has used the EU's own legal framework, specifically so-called

standard contractual clauses, to grant tightly controlled and

limited remote access. It plans to appeal the ruling.

It also said the decision fails to fully consider data

security measures first rolled out in 2023 that independently

monitor remote access and ensure EU user data is stored in

dedicated data centres in Europe and the United States.

TikTok, which has grown rapidly among teenagers around the

world in recent years and has 175 million users across Europe,

added that it has never received a request for EU user data from

the Chinese authorities, and has never provided data to them.

"This ruling risks setting a precedent with far-reaching

consequences for companies and entire industries across Europe

that operate on a global scale," TikTok said in a statement.

The DPC also found that while TikTok said throughout the

four-year inquiry that it did not store EU user data on servers

in China, it disclosed last month that it discovered in February

that a limited amount was stored in China and since deleted.

"The DPC is taking these recent developments very seriously.

We are considering what further regulatory action may be

warranted," DPC Deputy Commissioner Graham Doyle said.

It is the second time TikTok has been reprimanded by the

DPC. It was fined 345 million euros in 2023 for breaching

privacy laws regarding the processing of children's personal

data in the EU.

The powerful Irish privacy regulator, the lead regulator in

the EU for many of the world's top tech firms due to the

location of their regional headquarters in Ireland, has also

fined the likes of Microsoft's ( MSFT ) LinkedIn, X and Meta

since it was given sanctioning powers in 2018.

Under the EU's General Data Protection Regulation (GDPR),

that also covers European Economic Area member states Iceland,

Liechtenstein and Norway, the lead regulator for any given

company can impose fines of up to 4% of its global revenue.

($1 = 0.8827 euros)