Dublin, Ireland (Enmaeya News) — European Union regulators have launched a fresh investigation into TikTok, raising new concerns over the platform’s handling of user data potentially transferred to China.
Ireland’s Data Protection Commission (DPC), which acts as TikTok’s primary data privacy regulator in the EU due to the company’s European headquarters in Dublin, announced the inquiry Thursday. The probe follows a previous investigation that concluded earlier this year, resulting in a €530 million ($620 million) fine over the company’s data practices involving children.
This time, regulators are focusing on whether TikTok violated the EU’s General Data Protection Regulation (GDPR) by transferring European user data to China without adequate safeguards. Under GDPR, personal data can only be moved outside the 27-nation bloc if the destination offers privacy protections comparable to EU standards. China is not considered one of the jurisdictions that meets this threshold.
"The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the GDPR in the context of the transfers now at issue," the DPC said in a statement.
The probe stems from concerns raised during the earlier investigation. At the time, TikTok initially claimed it did not store European user data in China and that only limited remote access was granted to staff based there. However, the company later acknowledged that some user data had, in fact, been stored on Chinese servers.
TikTok, owned by Chinese tech firm ByteDance, has faced mounting scrutiny across Europe and North America over data security and its potential links to the Chinese government.
In response to privacy concerns, TikTok launched Project Clover — a data localization initiative that includes building three data centers across Europe to house user information within the region.
TikTok said it discovered the data issue internally as part of Project Clover’s enhanced monitoring tools.
“Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover,” the company said in a statement. “We promptly deleted this minimal amount of data from the servers and informed the DPC. Our proactive report to the DPC underscores our commitment to transparency and data security.”
The new inquiry will examine whether these data transfers were lawful and whether the platform met its responsibilities under EU privacy laws.
The outcome could have broader implications for how tech platforms operating in Europe manage international data flows — especially to countries not recognized as offering adequate protections.
The European Union’s concern over TikTok’s data transfers to China centers on protecting citizens’ privacy rights under the General Data Protection Regulation, or GDPR. The regulation treats data privacy as a fundamental right and limits transfers to countries with comparable protections.
China is not considered one of them, raising fears that user data could be accessed by the Chinese government without consent. TikTok’s popularity among children, journalists, and public figures adds to the stakes. The EU also sees consistent enforcement of GDPR as critical to maintaining its legal authority and credibility.
Beyond privacy, officials worry about national security risks and the need to reduce reliance on foreign technology governed by different political systems. Unregulated data flows could erode public trust in digital platforms, harm the digital economy, and weaken Europe’s influence in global technology governance.