TikTok Faces 2nd Probe by EU Watchdog Over China Data Transfers

The video-sharing app was fined $620 million in May for transferring European users’ personal data to China, a ruling the company is appealing.
TikTok Faces 2nd Probe by EU Watchdog Over China Data Transfers
A man holds a smartphone displaying the logo of Chinese social media platform Tiktok in an office in Paris on April 19, 2024. Antonin Utz/AFP via Getty Images
|Updated:
0:00

Popular video-sharing app TikTok is under a fresh investigation by its main regulator in the European Union over data storage in China.

Ireland’s Data Protection Commission (DPC) announced in a statement on July 10 that it is investigating TikTok’s transfer of European users’ data to servers within China.

TikTok, owned by Beijing-based Bytedance, registered its EU headquarters in Ireland, making the Irish privacy watchdog the lead supervisory authority over the company within the 27-nation bloc.

The latest probe came just weeks after the social media company was hit by a fine of 530 million euros ($620 million). The decision is a result of a four-year investigation by Irish regulators, who determined that TikTok violated the EU’s strict General Data Protection Regulation (GDPR) by sending European users’ data back to China.

During the earlier investigation, TikTok maintained that European users’ personal data was “not stored on servers located within China” and could only be accessed by TikTok staff in China remotely, the Irish DPC said on July 10.

However, in April, regulators learned from TikTok that limited European user data “had in fact been stored on servers in China,” contrary to the evidence the company had previously presented, according to the statement.

In their previous decision, Irish regulators expressed “deep concern” that “TikTok had submitted inaccurate information.”

After consulting with other data protection commissions in the EU, the regulators decided to initiate this inquiry into TikTok. The focus of the second inquiry will be to determine whether TikTok met its obligations under GDPR when transferring user data back to China, according to the statement.

The Irish DPC said it notified TikTok about the new probe earlier this week.

The Epoch Times has reached out to TikTok for comment.

While announcing the significant fines in May, the Irish DPC pointed to the risks associated with China’s law, including the counter-espionage laws mandating that companies hand over their user data upon request from the Chinese authorities.
The Irish regulators said at the time that TikTok did not address potential access by Chinese authorities to the data under counter-espionage and other laws, which TikTok itself identified as materially diverging from EU standards.

As part of the decision, the Irish DPC ordered TikTok to suspend all data transfers to China, unless it could bring its data processing practices into compliance with the GDPR within six months.

TikTok responded at the time that the company strongly contested the finding by the Irish DPC, stating that it has used the EU’s own legal framework, specifically so-called standard contractual clauses, to grant tightly controlled and limited remote access. The company is appealing that ruling.

It also noted that the DPC’s ruling was based on a “select period” that ends in May 2023, before the launch of a data localization plan called Project Clover, which involves building three data centers within the EU.

“The facts are that Project Clover has some of the most stringent data protections anywhere in the industry, including unprecedented independent oversight by NCC Group, a leading European cybersecurity firm,” Christine Grahn, TikTok’s European head of public policy and government relations, said in a statement on its website. “The decision fails to fully consider these considerable data security measures.”
Reuters contributed to this report.