The Irish Data Protection Commission (DPC) has opened a fresh inquiry into TikTok’s handling of European users’ personal data, focusing specifically on the transfer and storage of that data on servers located in China.
The investigation follows TikTok’s disclosure earlier this year that some European user data had, contrary to its previous claims, been stored on servers in China. This admission came in February 2025 and was formally notified to the DPC in April.
The new probe is a continuation of the regulator’s scrutiny of TikTok’s cross-border data practices, particularly in relation to the General Data Protection Regulation (GDPR). A prior investigation concluded in April resulted in a €530 million fine for the video-sharing platform, which TikTok has said it intends to appeal.
According to the DPC, TikTok had previously assured regulators that European user data was accessed remotely by employees in China, but was not physically stored on Chinese servers. However, the company later acknowledged that limited data had indeed been stored in China, contradicting its earlier position.
In a statement issued at the conclusion of the previous inquiry, the DPC noted that it was taking the new revelations “very seriously” and was consulting with its fellow data protection authorities across the European Union on what further action should be taken.
The current inquiry, officially launched this week, aims to assess whether TikTok’s data transfers and storage practices are in line with GDPR requirements, particularly with regard to the lawfulness, transparency, and security of personal data handling.
The investigation was approved by Commissioners for Data Protection Dr. Des Hogan and Dale Sunderland and formally communicated to TikTok earlier this week.
“This inquiry will examine whether TikTok has complied with its obligations under GDPR in light of new information regarding data transfers to and storage in China,” the DPC said.
TikTok, owned by Chinese tech company ByteDance, has faced mounting regulatory pressure in Europe and the United States over concerns about data privacy, national security, and the potential for foreign government access to user information.
In response to the DPC’s actions, TikTok has maintained that it takes user privacy seriously and continues to enhance data protection measures for its European users. The company has not yet publicly commented on the launch of the new inquiry.
The DPC serves as TikTok’s lead privacy regulator in the EU, as the company has its European headquarters in Ireland. The outcome of this investigation could have significant implications for how global tech companies manage cross-border data under European privacy laws.
