TikTok fine in EU highlights global alert on international data transfer

The recent fine of approximately R$ 3.4 billion (€345 million) imposed on TikTok EU authorities for improper transfer of user data to China is an important milestone and represents more than a one-off penalty to a technology giant: it is an important warning to all companies operating with personal data on a global scale.

Although sanctions against large technology companies are no longer new, the recent TikTok case highlights a more rigorous process in the performance of regulatory authorities against negligent practices in the processing of personal data, especially when it comes to international transfer of information to countries that may not offer the same level of legal protection.

For the market, the case brings essential lessons. The international transfer of personal data itself is not a problem and when properly carried out is crucial for the operation of global services in the era of the digital economy.However, this process must be conducted with security, transparency and legal support. The episode of TikTok shows that neglecting these principles can result in serious consequences, not only financial, but reputational damage, endangering consumer confidence and brand credibility.

More than a legal requirement, respect for privacy and data protection has become a competitive differentiator and a pillar for building trust with users. Companies that process personal data, especially in global and digital environments, must adopt proactive and robust practices that exceed minimum compliance, ensuring not only compliance, but the integration of data protection as a core value of their operation.

In Brazil, the National Data Protection Authority (ANPD) published resolution CD/ANPD no. 19, of August 23, 2024, approving the Regulation of International Data Transfer and the content of contractual standard clauses, thus establishing regulatory mechanisms that aim to ensure the compliance of international transactions, ensuring the protection of personal data in accordance with the standards of Brazilian law. In addition, ANPD has launched a page on International Data Transfer (TID) at the electronic address: International Affairs & Publications & National Data Protection Authority.

*Raissa Dacal and Danielle Campello are respectively paralegal and lawyer specialized in Digital Law, Data Protection and New Technologies of Di Blasi, Parente & Associados.