Ireland's data privacy watchdog fined TikTok about $600 million for failing to guarantee that user data sent to China was protected from government surveillance, dealing a blow to the company's efforts to convince Western countries that it is safe to use.

Ireland's Data Protection Commission said on Friday that TikTok had failed to demonstrate that any user data it sent to China would be protected from government access by laws such as China's cybersecurity law.

The Irish regulator responsible for enforcing EU privacy laws on TikTok has ordered that the social video app must stop transferring user data to China within six months if it does not guarantee the same level of protection as in the EU.

The regulator also said TikTok admitted last month that it stored small amounts of European user data in China, although the company had previously denied doing so. TikTok informed the regulator that it had deleted the data. The regulator said on Friday it was discussing with EU counterparts whether further action should be taken against the company over the matter.

TikTok said it would appeal the fine, which totals 530 million euros. The company rejected accusations that it did not give European data adequate protection and said the ruling mainly covered the period before it implemented new protections. TikTok added that it has never handed over user data to the Chinese government and has never received any such request.

The threat of China gaining access to user data is a serious concern for governments on both sides of the Atlantic. TikTok has more than 170 million users in the United States, and the U.S. Congress passed a law last year requiring the sale or ban of TikTok nationwide due to national security concerns. President Trump last month extended the deadline under the law to give time to reach a deal.

TikTok has 175 million users in Europe, and similar concerns have led EU agencies and some countries, including France, to ban government employees from using the app on work devices.

EU privacy regulators have been separately investigating how TikTok handles daily user data sent outside the EU. The data in question may include any information that is unique to an individual, such as device numbers or online activity. The EU has previously fined Meta Platforms more than $1.3 billion for sending user data to the United States where it could be monitored.

In response to European concerns, TikTok announced in 2023 that it would begin hosting EU user data on servers in Ireland and Norway as part of its "Project Clover." TikTok said only limited user data, not including emails or IP addresses, is sent to China and that such access is overseen by an external audit firm.

On Friday, regulators said they had considered "Project Clover" but still believed it was necessary to order a halt to all user data transfers to China within six months if the company failed to ensure security.