TLDRs;
Contents
- Ireland’s privacy watchdog has launched an investigation into TikTok over the potential storage of EU user data in China.
- TikTok had previously claimed no EU data was stored in China, but later disclosures contradicted that assurance.
- The probe highlights ongoing regulatory concerns tied to TikTok’s Chinese ownership and global data practices.
- Fines for privacy violations are rising, and companies like TikTok face increasing pressure to comply with evolving global data laws.
Ireland’s data protection watchdog has opened a new investigation into TikTok over concerns that European users’ data may have been stored on servers in China, raising fresh questions about the company’s compliance with European privacy laws.
The move comes after TikTok disclosed in April 2025 that some user data had been temporarily stored in China, despite previously assuring the Irish Data Protection Commission (DPC) that EU data was only accessed remotely and not stored in the country.
That earlier statement had followed a February admission by the company revealing that certain data had, in fact, been stored on Chinese infrastructure.
Conflicting Statements Raise Red Flags for Regulators
The DPC, which serves as TikTok’s lead privacy regulator within the EU, expressed concern about the “misleading” nature of the company’s prior communications. It has now launched a formal probe to determine whether TikTok breached the General Data Protection Regulation (GDPR) in transferring or storing user data in a country the EU does not deem to have adequate privacy protections.
The regulator is also collaborating with other European data protection authorities to assess the implications of TikTok’s actions and consider possible enforcement measures. TikTok claims it detected the issue internally, deleted the affected data, and voluntarily reported the incident.
Still, regulators are questioning whether the incident points to broader compliance failures, especially given China’s status outside the EU’s list of approved data protection regimes.
An Ongoing Pattern of Data Transfer Controversies
This latest development is not the first time TikTok’s data handling practices have come under fire. As far back as 2019, the company faced legal action in California over allegations that it secretly transferred user data to servers in China without proper consent. At the time, TikTok denied those claims, insisting user data was housed in the U.S. and Singapore.
Despite repeated controversies, TikTok’s popularity has continued to surge, boasting over 1.5 billion users globally and breaking download records in the United States. Yet its Chinese ownership and data practices remain a flashpoint for privacy advocates and regulators on both sides of the Atlantic.
By 2025, European authorities have zeroed in on transfers of personal data to China as a critical area of regulatory enforcement, with non-profit watchdogs and privacy groups like ‘noyb’ targeting companies suspected of routing EU data through Chinese channels without proper safeguards.
Tougher Penalties and Rising Compliance Stakes
The financial risks for privacy violations are also intensifying. TikTok has already faced a €530 million fine in a separate data protection case. Under GDPR rules, companies can be fined up to 4% of global annual turnover for violations, penalties that mirror new U.S. laws like the American Privacy Rights Act, further complicating the legal landscape for global firms.
In today’s environment, non-compliance is more than a regulatory headache. It can lead to reputational damage, legal setbacks, and long-term erosion of user trust. With multiple countries enacting new privacy laws in 2025 alone, international tech companies like TikTok are under growing pressure to align their operations with evolving data protection regimes.
