TikTok faces fresh scrutiny from Ireland’s data regulator over

TikTok was penalised 530 million euros ($600 million) by its lead EU privacy regulator on Friday over problems with how it saves user information. Data transfers to China were ordered to be suspended if their processing was not obedient within six months.

Ireland’s Data Protection Commissioner (DPC) has concluded that TikTok violated European Union data protection laws by failing to sufficiently safeguard EU users’ personal data—especially with respect to potential access by Chinese authorities. The ruling centers on TikTok’s failure to demonstrate that personal data accessed remotely by staff in China was afforded EU-level protection, raising concerns about divergence in Chinese counter-espionage laws.

Remote Access & Chinese Law at the Core of Dispute

Owned by Beijing-based ByteDance, TikTok has long faced geopolitical scrutiny over its data security practices. In this case, the DPC found the platform inadequately addressed the risk of Chinese state access to EU user data, despite TikTok’s reliance on Standard Contractual Clauses (SCCs)—a legal mechanism allowed under EU law to permit data transfers to non-EU countries.

TikTok strongly contested the ruling, insisting it employs robust safeguards and real-time monitoring measures (introduced in 2023) that control and audit all remote access. It also claimed EU user data is now housed in dedicated data centers in Europe and the U.S., further insulating it from external access.

Data Found Stored in China Despite Prior Assurances

A separate revelation also impacted the ruling. Although TikTok previously insisted that no EU data was stored in China, the company disclosed in April that a small amount of EU data had indeed been stored there, discovered in February and subsequently deleted.

DPC Deputy Commissioner Graham Doyle stated the regulator is evaluating further action in light of this new information, underscoring the seriousness of the breach.

TikTok Warns of Broader Implications

TikTok emphasized it has never received or complied with requests from Chinese authorities for EU user data. The company also warned that the DPC’s decision could set a precedent impacting globally operating firms across industries, potentially creating stricter standards for international data transfers and operations.

With 175 million users in Europe, TikTok remains under intense scrutiny—not only from the DPC but also from broader EU authorities keen on enforcing GDPR regulations amid rising tensions between data privacy and global platform governance.