The recent fine of approximately R$ 3.4 billion (€345 million) imposed on TikTok by European Union authorities due to the improper transfer of user data to China is an important milestone and represents more than just a one-time penalty for a tech giant: it serves as a critical warning to all companies handling personal data on a global scale.
Although sanctions against big tech companies are no longer news, the recent TikTok case highlights a stricter approach by regulatory authorities when it comes to negligent practices in personal data handling, especially concerning international data transfers to countries that may not provide the same level of legal protection.
For the market, the case offers essential lessons. International data transfers are not inherently problematic and, when conducted appropriately, are crucial for the operation of global services in the digital economy. However, this process must be carried out with security, transparency, and legal backing. The TikTok incident demonstrates that neglecting these principles can result in severe consequences—not just financial but reputational—jeopardizing consumer trust and brand credibility.
More than just a legal requirement, respecting privacy and data protection has become a competitive advantage and a cornerstone for building user trust. Companies handling personal data—especially in global and digital environments—must adopt proactive and robust practices that go beyond minimal compliance, ensuring not just regulatory adherence but the integration of data protection as a core value in their operations.
In Brazil, the National Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19 on August 23, 2024, approving the International Data Transfer Regulation and the content of standard contractual clauses, thereby establishing regulatory mechanisms to ensure compliance in international transactions while safeguarding personal data in accordance with Brazilian legal standards. Additionally, the ANPD launched a webpage on International Data Transfer (TID) at the following electronic address:International Affairs – Portuguese — National Data Protection Authority.
*Raissa Dacal and Danielle Campello are, respectively, paralegal and attorney specializing in Digital Law, Data Protection, and New Technologies at Di Blasi, Parente & Associados.
