TikTok is once again under scrutiny from the European Union after regulators announced a new investigation into possible violations of privacy rules, specifically concerning the transfer of European user data to China.
Ireland’s Data Protection Commission (DPC) launched the latest probe as a follow-up to a previous investigation that concluded earlier this year with a €530 million fine (about $620 million). That inquiry found that the popular video-sharing app exposed users to potential surveillance by allowing remote access to their personal data from China.
Since TikTok’s European headquarters is located in Dublin, the Irish regulator serves as the company’s lead supervisory authority within the 27-nation bloc.
During the earlier investigation, TikTok initially claimed that it did not store European user data in China and that access by Chinese staff was limited to remote connections. However, the company later admitted that some data had indeed been stored on servers in China. In response, the DPC said it would consider further regulatory action.
“As a result of that consideration, the DPC has now decided to open this new investigation into TikTok,” the agency said.
The goal of the new inquiry is to assess whether TikTok has complied with its legal obligations under the General Data Protection Regulation (GDPR), including the lawfulness of the data transfers in question, the regulator stated.
So far, TikTok has not responded to a request for comment.
Owned by China-based ByteDance, TikTok has come under increasing scrutiny across Europe and other Western countries over its handling of personal user information, amid growing concerns that the platform could pose a security risk.
Under the GDPR, data from European users can only be transferred outside the EU if adequate safeguards are in place to ensure an equivalent level of protection. Currently, only 15 countries or territories are considered to meet that standard—and China is not among them.