TikTok is in trouble for transferring data to China——yet again—with the Irish Data Protection Commission (DPC) fining the company €530 million.

TikTok has a long and disturbing history of violating user privacy, including spying on journalists, transferring data to China, repeatedly violating child privacy laws, serving as a conduit for China to spy on users, and more.

According to the DPC, TikTok infringed the GDPR by transferring EU citizen data to China without the proper transparency and disclosures.

“The GDPR requires that the high level of protection provided within the European Union continues where personal data is transferred to other countries,” said DPC Deputy Commissioner Graham Doyle.

“TikTok’s personal data transfers to China infringed the GDPR because TikTok failed to verify, guarantee and demonstrate that the personal data of EEA users, remotely accessed by staff in China, was afforded a level of protection essentially equivalent to that guaranteed within the EU.

“As a result of TikTok’s failure to undertake the necessary assessments, TikTok did not address potential access by Chinese authorities to EEA personal data under Chinese anti-terrorism, counter-espionage and other laws identified by TikTok as materially diverging from EU standards.”

The DPC says that, throughout the investigation, TikTok maintained that no EU data was being stored in China, only to come back later and says that some data had in fact been transferred.

“The DPC is taking these recent developments regarding the storage of EEA User Data on servers in China very seriously,” added Deputy Commissioner Doyle. “Whilst TikTok has informed the DPC that the data has now been deleted, we are considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities.”

At this point, given it’s history, it should come as absolutely no surprise that TikTok was one again found to be infringing user privacy and illegally transferring data.