The recent fine of approximately R$ 3.4 billion (€345 million) imposed on TikTok by the European Union authorities due to the improper transfer of user data to China is a significant milestone and represents more than just a one-time penalty to a technology giant: it is an important warning to all companies operating with personal data on a global scale.
While sanctions against big tech companies are not new, the recent TikTok case highlights a stricter process by regulatory authorities against negligent practices in handling personal data, especially concerning international transfer of information to countries that may not provide the same level of legal protection.
For the market, the case brings essential lessons. The international transfer of personal data itself is not a problem, and when done properly, it is crucial for the operation of global services in the digital economy era. However, this process must be conducted securely, transparently, and with legal backing. The TikTok episode demonstrates that neglecting these principles can result in serious consequences, not only financially but in reputation damage, jeopardizing consumer trust and brand credibility.
More than a legal requirement, respect for privacy and data protection has become a competitive advantage and a pillar for building trust with users. Companies that handle personal data, especially in global and digital environments, must adopt proactive and robust practices that go beyond minimal compliance with regulations, ensuring not only compliance but the integration of data protection as a central value of their operation.
In Brazil, the National Data Protection Authority (ANPD) published resolution CD/ANPD No. 19, dated August 23, 2024, approving the Regulation of International Data Transfers and the content of standard contractual clauses, thus establishing regulatory mechanisms aimed at ensuring the compliance of international transactions, ensuring the protection of personal data in accordance with Brazilian legislation standards. Additionally, the ANPD launched a page on International Data Transfers (TID) at the web address: International Matters – Portuguese — National Data Protection Authority.
*Raissa Dacal and Danielle Campello are, respectively, a paralegal and lawyer specialized in Digital Law, Data Protection, and New Technologies at Di Blasi, Parente & Associados.
