The Data Protection Commission (DPC) recently announced an inquiry into TikTok Technology Limited’s data handling practices specifically concerning EEA (European Economic Area) users. This investigation focuses on TikTok’s transfer of user data to servers based in China, a move that has raised significant concerns about compliance with GDPR regulations.
Context and Background:
The inquiry emerges from previous findings in April 2025, where TikTok admitted that contrary to earlier statements, some EEA user data had been stored on Chinese servers. Initially, TikTok had asserted that user data was only remotely accessed by staff in China, not stored there. This admission prompted the DPC, alongside EU counterparts, to take a more profound look into TikTok’s compliance with GDPR laws regarding cross-border data transfers.
Scope of the Inquiry:
The DPC aims to determine whether TikTok’s data transfer practices meet the obligations stipulated under the GDPR. The inquiry will assess specifically the adherence to several GDPR provisions, including accountability (Article 5(2)), transparency in third-country transfers (Article 13(1)(f)), cooperation with authorities (Article 31), and the comprehensive requirements outlined in Chapter V for third-country data exchanges.
Implications for Data Transfers:
This investigation is especially pertinent given that GDPR enforces strict conditions on personal data transfers outside the EEA. Chapter V mandates these transfers can only occur if the receiving country ensures a data protection level equivalent to that within the EU. In TikTok’s case, the DPC will scrutinize whether such conditions have been met, particularly in the absence of an adequacy decision with China.
The Inquiry’s Significance:
For privacy experts and data protection professionals, this case underscores the importance of rigorous due diligence and transparency in international data transfers. The outcome could influence future regulatory approaches and corporate practices concerning data privacy and cross-border data management.
As data protection specialists, it is crucial to monitor developments in this case to understand how regulatory bodies enforce compliance and to gain insights into evolving international data protection standards.
Original source link: [Data Protection Commission’s Press Release](https://www.dataprotection.ie/en/news-media/press-releases/dpc-announces-inquiry-tiktok-technology-limiteds-transfers-eea-users-personal-data-servers-located).