European data privacy authorities have opened a fresh investigation into TikTok following revelations that the platform stored some users’ data on servers in China, despite earlier assurances to the contrary.
Ireland’s Data Protection Commission (DPC), which oversees EU data privacy compliance for TikTok’s European operations, said Thursday that the company had disclosed in April that a portion of personal data belonging to users in the European Economic Area had indeed been stored in China before being deleted. This disclosure contradicted evidence TikTok previously submitted during regulatory probes.
The regulator expressed alarm at what it described as the submission of inaccurate information during past investigations, noting that it had raised “deep concern” over the platform’s data handling transparency.
In May, the DPC imposed a hefty €530 million ($620 million) fine on TikTok for unlawfully transferring European users’ data to China, though the social media company maintained the data was only accessed remotely rather than physically stored there. TikTok has signalled its intention to challenge that penalty in court.
The popular short-video app, owned by Chinese technology conglomerate ByteDance, continues to face intense scrutiny from Western governments, many of whom suspect that its vast troves of user data could be exploited by Beijing for surveillance or propaganda. TikTok has repeatedly denied receiving any requests from Chinese authorities for European user data.
With a global user base exceeding 1.5 billion, TikTok’s compliance with Europe’s strict privacy rules remains under a bright regulatory spotlight as tensions between China and Western democracies persist over digital security and data sovereignty.
But since it has its European headquarters in Ireland, the Irish authority is the lead regulator in Europe for the social platform — as well as others such as Google, Meta and Apple.
Read also: We Have No Plans To Sell TikTok, Chinese Parent Firm Insists
The Irish Data Protection Commission (DPC), responsible for enforcing Europe’s landmark General Data Protection Regulation (GDPR), has expanded its scrutiny of TikTok amid persistent concerns over data security breaches involving European users.
This latest inquiry aims to assess whether TikTok has fulfilled its legal responsibilities under the GDPR framework, which has served as the backbone of EU privacy protections since its enactment in 2018. Regulators across Europe have wielded the regulation to clamp down on digital giants accused of mishandling personal data, levying hefty fines in recent years to establish stricter compliance standards.
TikTok, owned by China’s ByteDance, has long defended its data privacy practices, pointing to initiatives like Project Clover—a €12 billion ($14 billion) commitment to bolster European data security infrastructure over a decade starting in 2023. The company has consistently insisted that user information is stored within servers located in Norway, Ireland, and the United States, with Chinese employees barred from accessing sensitive identifiers such as IP addresses or phone numbers.
However, TikTok confirmed to AFP in May that it had alerted the Irish watchdog about what it described as a “technical issue” affecting data transfers. This admission followed revelations that contradicted previous claims on how and where user data was processed and stored.
Beyond Europe, TikTok is battling regulatory headwinds in the United States. Washington has threatened to ban the app altogether unless its Chinese ownership is relinquished. In late June, President Donald Trump announced that a group of buyers had been identified to take over TikTok’s American operations, suggesting that the identities of these prospective purchasers could be made public within weeks.
The EU’s intensified oversight of TikTok reflects a broader crackdown on technology platforms, as authorities seek to address data privacy violations, curb anti-competitive practices, and regulate disinformation across the digital ecosystem.