TikTok will need to reach deep into its pockets after the Irish data watchdog hit the social video platform with a massive 530 million euro ($600 million) fine on Friday. 

Ireland’s Data Protection Commission charged the company with violating Europe’s strict privacy laws by not doing enough to ensure that anyone’s data transferred to China is properly protected from government surveillance. The DPC also said that if TikTok doesn’t make changes to comply with its ruling within six months, it will have to completely suspend data transfers to China.

TikTok failed to verify, guarantee and demonstrate that it was adequately protecting people’s personal data that could be remotely accessed by staff in China, DPC Deputy Commissioner Graham Doyle said in a statement. “As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards,” he added.

Read more: Best Identity Theft Protection for 2025

The EU’s General Data Protection Regulation, which came into effect in 2018, means that people in Europe benefit from strong privacy protections. When companies are found to be breaking the rules, they can receive fines of up to 20 million euros or 4% of their annual turnover, whichever is greater. The GDPR has formed the basis of other data privacy rules around the world, including California’s Consumer Privacy Act. The intention behind these rules is to guarantee people transparency over how their data is used, and to empower them to object when it’s used in ways they don’t approve of.

In the case of TikTok and the EU, the company has said that it’s never received any specific requests for European user data from the Chinese government. It believes that the period the fine applies to precedes 2023, when it put in place a 12 billion euro data security initiative in the EU called Project Clover.

“The decision fails to fully consider these considerable data security measures,” said Christine Grahn, TikTok’s head of public policy and government relations for Europe in a statement. “We disagree with this decision and intend to appeal it in full.”