GDPR Enforcement Remains Strong as Breach Notifications Surge in Europe
Data breach notifications across Europe rose by 20% over the past year, even as GDPR fines held steady at €1.2 billion ($1.4 billion) in 2025, according to a report by global law firm DLA Piper. The consistent enforcement levels signal sustained regulatory scrutiny, particularly in areas like AI, supply chain security, and international data transfers.
Ireland remained the most active enforcer, issuing the largest fine of 2025: €530 million against TikTok for storing European users’ data on Chinese servers between July 2020 and November 2022 without adequate safeguards or transparency. This marked the first major GDPR penalty for data transfers to a non-U.S. country, expanding concerns beyond transatlantic data flows. Ireland also leads in cumulative fines since GDPR’s 2018 inception, with €4 billion in sanctions, followed by France (€1.1 billion) and Luxembourg (€747 million).
Luxembourg’s largest fine, €746 million against Amazon Europe Core in 2021, was upheld in March 2025 after the company’s appeal was dismissed. The case remains under seal due to local legal restrictions. Meanwhile, U.S. tech firms continued to face the highest penalties, reflecting persistent tensions over surveillance-driven business models.
The European Commission proposed GDPR reforms in November 2024 to simplify compliance, including a unified breach reporting platform managed by ENISA and an extended notification deadline from 72 to 96 hours. The changes aim to reduce overlapping obligations under GDPR, the Network and Information Security Directive 2 (NIS2), and the Digital Operational Resilience Act (DORA), though debates over balancing efficiency with privacy rights are ongoing.
In the U.K., enforcement under the post-Brexit Data (Use and Access) Act 2025 has drawn criticism. Over 70 civil society groups and experts urged Parliament to investigate the Information Commissioner’s Office (ICO) after it declined to probe the Ministry of Defense’s 2022 Afghan data breach, which exposed 19,000 individuals fleeing the Taliban. The U.K. government later imposed a super injunction to block public reporting. The new DUA Act, effective June 2025, introduces structural reforms to the ICO, including enhanced investigative powers and transparency requirements.
Source: https://www.bankinfosecurity.com/breach-notifications-in-europe-rise-while-fines-hold-steady-a-30573
TikTok cybersecurity rating report: https://www.rankiteo.com/company/tiktok
Amazon cybersecurity rating report: https://www.rankiteo.com/company/amazon
{
  "id": "TIKAMA1769016582",
  "linkid": "tiktok, amazon",
  "type": "Breach",
  "date": "6/2018",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'European users',
                        'industry': 'Technology',
                        'location': 'Ireland (HQ for European operations)',
                        'name': 'TikTok',
                        'type': 'Social Media Platform'}],
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (personal data of European '
                                        'users)',
                 'type_of_data_compromised': 'User data'},
 'date_publicly_disclosed': '2025',
 'description': "TikTok was fined €530 million by Ireland's Data Protection "
                'Commission for storing European users’ data on Chinese '
                'servers between July 2020 and November 2022 without adequate '
                'safeguards or transparency. This marked the first major GDPR '
                'penalty for data transfers to a non-U.S. country.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'European users’ data stored on Chinese '
                                'servers',
            'financial_loss': '€530 million fine',
            'legal_liabilities': 'GDPR violation'},
 'investigation_status': 'Completed (fine upheld)',
 'lessons_learned': 'Need for stricter safeguards in international data '
                    'transfers, especially to non-U.S. countries.',
 'post_incident_analysis': {'root_causes': 'Inadequate safeguards for data '
                                           'transfers to China, lack of '
                                           'transparency in data storage '
                                           'practices'},
 'recommendations': 'Implement robust data protection measures for '
                    'cross-border data flows, ensure transparency in data '
                    'storage practices, and comply with GDPR requirements for '
                    'international transfers.',
 'references': [{'date_accessed': '2025', 'source': 'DLA Piper Report'}],
 'regulatory_compliance': {'fines_imposed': '€530 million',
                           'legal_actions': 'Fine upheld by Irish Data '
                                            'Protection Commission',
                           'regulations_violated': ['GDPR']},
 'title': 'TikTok GDPR Violation for Data Transfers to China',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Inadequate safeguards for international data '
                            'transfers'}