The Irish Data Protection Commission (DPC) said that the social media giant had breached the European Union's (EU) data protection rules when it sent European user data to China as it couldn't guarantee that the information was protected under the nation's surveillance laws.
The privacy regulator said that TikTok had failed to adequately assess the implications of Chinese surveillance laws on the data of European users.
The regulations give the Chinese government the power to order companies to hand over data and TikTok accepted that they "materially diverge from EU standards".
The regulator also said that the site had breached transparency rules between 2020 and 2022 as it didn't tell users that their personal data was being transferred to China, although it did note that the platform is now "compliant" after updating its policy in 2022.
TikTok has been fined €485 million for its data transfers to China and a further €45 million for the lack of transparency in its privacy policy.
The company says it "strongly contests" the findings of the Irish DPC and plans to appeal the punishment in full.
Christine Grahn, TikTok's head of public policy and government relations for Europe, said in a written statement: "Beyond the DPC's failure to substantively consider the extensive safeguards (already implemented by TikTok), we are disappointed to have been singled out despite relying on the same legal mechanism employed by thousands of other companies providing services in Europe."