TikTok is under renewed investigation by the Irish Data Protection Commission (DPC). The inquiry focuses on whether the platform violated GDPR by sending EU user data to servers in China. This comes shortly after TikTok received a €530 million fine in April 2025 for a similar breach.
That earlier case exposed unauthorized remote access by staff in China. It revealed that TikTok did not follow EU data protection laws. The DPC now wants to determine if deeper issues remain within TikTok’s data handling framework.
TikTok Accused of Misleading Regulators
During the previous investigation, TikTok insisted it kept European user data within EU borders. Later, it admitted some data had been sent to Chinese servers. This reversal alarmed regulators and raised questions about transparency.
The DPC suspects TikTok may have submitted false or incomplete disclosures. Investigators are also examining if ByteDance, TikTok’s parent firm, broke transparency rules under GDPR. At the center is whether users were clearly told how and where their data was processed.
ByteDance’s European Troubles Grow
TikTok’s response to the initial fine included an appeal. The company claimed the decision was based on outdated systems. It highlighted Project Clover, a €12 billion initiative to build data centers across Europe.
Despite this, regulators remain unconvinced. They’re working with other EU authorities to assess TikTok’s current practices. If the new probe confirms further violations, ByteDance could face additional penalties.
The outcome may shape future rules around international data transfers. For now, TikTok’s GDPR challenges show no sign of easing.
