A new privacy storm is brewing over TikTok, with European regulators reportedly preparing a massive €500 million ($553 million) fine for illegally sending user data to China. The Irish Data Protection Commission (DPC), which oversees TikTok’s EU operations due to its headquarters in Dublin, is expected to issue the penalty before the end of April, according to Bloomberg.

The fine is the result of a four-year-long probe into the Chinese-owned app’s data handling practices, specifically relating to its transfer of private European user data to China. The investigation found that TikTok’s parent company, ByteDance, violated the EU’s strict General Data Protection Regulation (GDPR). The regulation is designed to protect the personal data of EU citizens and severely limits its transfer outside the bloc without sufficient safeguards.

Despite TikTok’s claims that EU user data is stored in the U.S., investigators believe that Chinese-based maintenance and AI engineers have been accessing sensitive data. Former Irish Data Protection Commissioner Helen Dixon highlighted these concerns as far back as 2021, stating, “There is possibility that maintenance and AI engineers in China may be accessing data.”

The Irish watchdog’s role is pivotal due to the GDPR’s ‘one-stop-shop’ mechanism, which tasks the lead regulator in the EU country where a company is based with enforcing compliance across the bloc. In this case, ByteDance’s European base in Dublin has made Ireland the epicenter of enforcement. While the final amount and date for the fine are not yet official, the figure under discussion would be one of the largest ever under GDPR.

This comes amid wider turmoil for TikTok, particularly in the U.S., where lawmakers are demanding the app be sold or face a potential nationwide ban. With companies like Amazon rumored to be exploring a purchase, ByteDance is under intense global pressure.

For more information, read the full article on Engadget.