TikTok Faces €500 Million Fine for Data Transfer to China
TikTok faces a fine over €500 million for transferring European user data to China, with an impending decision from Ireland’s Data Protection Commission.
TikTok faces a fine over €500 million for transferring European user data to China, with an impending decision from Ireland’s Data Protection Commission.
The French Competition Authority has raised concerns about Apple’s App Tracking Transparency (ATT) framework, which requires users to consent to tracking across third-party apps and websites. The agency pointed out an imbalance in the consent process, where Apple’s own data collection can be approved with a single pop-up, while other companies need to obtain consent twice. This discrepancy is seen as particularly challenging for smaller publishers who lack alternative targeting methods, especially when they do not have enough proprietary data.
The authority emphasized that the current system favors larger corporations like Meta and Google, which can better navigate the privacy landscape. Smaller publishers, on the other hand, may struggle to sustain their advertising revenue due to the complexities introduced by the ATT framework. The French regulator indicated that the issue could be resolved with minor adjustments to the existing ATT system, which would provide a more equitable environment for all developers.
Despite the €150 million fine imposed on Apple, the financial impact on the company is expected to be minimal. However, Apple will need to implement changes to align with the French Competition Authority’s ruling. The head of the authority, Benoit Coeure, noted that while specific alterations to the ATT have not been mandated, it is Apple’s responsibility to ensure compliance. The process of making these changes may take some time, particularly as Apple awaits decisions from regulators in other European countries, including Germany, Italy, Poland, and Romania.
Apple has defended its ATT framework, stating that the prompt is uniform for all developers, including itself. The company has received considerable support for this feature from consumers, privacy advocates, and data protection authorities worldwide. Although Apple expressed disappointment with the decision from the French authority, it maintains that no specific modifications to the ATT have been required.
The European Commission proposed extending the UK’s data adequacy decision until December 2025, pending assessment of new data protection legislation.
Amazon lost its appeal against a 746 million euro fine for GDPR violations, as Luxembourg’s court upheld the decision by the CNPD.
The EDPB adopted a statement on the PNR Directive, urging EU countries to implement changes in line with the CJEU’s judgment to enhance passenger data protection.
Axel Voss and Max Schrems propose a three-layered revision of the GDPR to differentiate between large and small firms, despite concerns about potential risks and lobbying.
Signal’s CEO warns of withdrawal from Sweden if a proposed bill requiring data retention and backdoors for law enforcement is enacted.
The EDPB has initiated its 2025 Coordinated Enforcement Framework focusing on the right to erasure, involving 32 European Data Protection Authorities.
Activists filed complaints against Meta for not respecting users’ requests to opt out of targeted advertising in Europe, prompting investigations by data protection authorities.
European concerns grow over reliance on US cloud services amid geopolitical tensions, highlighting the need for data sovereignty and alternative tech solutions.
The CSC’s report highlights its role in supervising EU IT systems, issuing transparency recommendations, and preparing for future expansions to ensure data protection.
EU lawmakers struggle to agree on the next European Data Protection Supervisor, with Parliament and member states backing different candidates, delaying a decision until March.