TikTok Faces New EU Privacy Investigation Over Data Transfers to China

New Inquiry Launched by EU Regulators

In a recent development, TikTok is under investigation by the European Union regarding the handling of user data sent to China, as announced by regulators on Thursday.

The Data Protection Commission (DPC) has initiated this inquiry following a previous investigation that concluded earlier this year, resulting in a hefty fine of 530 million euros (approximately $620 million). This fine was imposed after it was determined that the app had exposed users to potential surveillance by permitting remote access to their data from China.

The DPC acts as TikTok's primary data privacy regulator within the EU, given that the company's European headquarters is located in Dublin.

During the earlier investigation, TikTok initially claimed that it did not store European user data in China and that access was limited to remote staff in China. However, the company later revised its statement, admitting that some data was indeed stored on Chinese servers. In response, the DPC indicated that it would consider further regulatory measures.

Consequently, the DPC has decided to launch this new inquiry into TikTok's practices.

The inquiry aims to assess whether TikTok has adhered to its obligations under the General Data Protection Regulation (GDPR), particularly concerning the legality of the data transfers in question.

Owned by China's ByteDance, TikTok has faced increasing scrutiny in Europe regarding its management of personal user data, with Western officials expressing concerns about potential security threats.

In its defense, TikTok stated that it proactively informed the DPC about the situation after initiating a data localization project named Project Clover, which involves establishing three data centers in Europe to address security issues.

The company emphasized that it discovered the issue through its rigorous monitoring under Project Clover, promptly deleting a small amount of data from its servers and notifying the DPC. This proactive communication reflects TikTok's commitment to transparency and data security.

According to GDPR regulations, the transfer of European user data outside the EU is permissible only if adequate safeguards are in place to ensure equivalent protection. Currently, only 15 countries or territories meet the EU's data privacy standards, and China is not among them.