Ireland’s Data Protection Commission (DPC) opened a fresh inquiry into TikTok‘s transfer of European user data to China, following a €530 million fine imposed earlier this year. The investigation will examine whether TikTok has complied with EU privacy regulations regarding cross-border data transfers.

This new probe by the Irish watchdog, which serves as TikTok’s lead privacy regulator in the EU due to the company’s European headquarters in Dublin, stems from revelations during an earlier investigation that concluded in May with a substantial fine for General Data Protection Regulation (GDPR) violations.

“The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the GDPR in the context of the transfers now at issue, including the lawfulness of the transfers,” the regulator stated in a media release.

Contradictory Information Uncovered

During the previous investigation, TikTok initially claimed it did not store European user data in China and that the data was only remotely accessed by China-based staff. However, the company later revealed that some European user data had in fact been stored on Chinese servers, prompting the regulator to consider further action.

The €530 million penalty included €485 million specifically addressing violations of Article 46(1) of the GDPR regarding data transfers, with the remaining €45 million related to transparency failures in TikTok’s privacy policy.

Project Clover and Data Localization Efforts

TikTok noted that it self-reported the data issue after discovering it through monitoring implemented under Project Clover, the company’s €12 billion European data security initiative.

“Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover,” a company statement read. “We promptly deleted this minimal amount of data from the servers and informed the DPC.”

The ByteDance-owned platform has been expanding its European data infrastructure, with facilities in Ireland, Norway, and a recently announced €1 billion investment in Finland. These data centers aim to store information from the platform’s 175 million European users within what TikTok calls its “European Enclave.”

Mounting Regulatory Challenges

This inquiry adds to TikTok’s growing regulatory scrutiny in Europe. In addition to the privacy investigation, the European Commission recently charged TikTok with breaching the Digital Services Act (DSA) over advertising transparency issues, potentially resulting in fines of up to 6% of its global turnover.

Under GDPR, European user data can only be transferred outside the bloc if equivalent protection standards are maintained. China is not among the 15 countries recognized by the EU as having comparable data privacy standards.

Checkout Our Latest Podcast