The Irish Data Protection Commission (DPC) has announced an inquiry into TikTok’s transfer of user personal data to servers located in China. The inquiry comes shortly after another DPC investigation, which led to a €530 million fine on TikTok.
The last investigation revealed that TikTok’s staff in China could remotely access EEA users’ personal data, violating the EU’s GDPR. This new inquiry looks into the storage of EEA users’ data on servers located in China. The DPC’s announcement states that TikTok claimed in April 2025 that only a limited amount of user data was stored on Chinese servers; however, this goes against the evidence TikTok presented in the previous investigation.
Moving forward, the new investigation focuses entirely on whether or not “TikTok has complied with its relevant obligations under the GDPR in the context of the transfers now at issue, including the lawfulness of the transfers pursuant to Chapter V of the GDPR.” The app had previously disclosed that it doesn’t store any data on Chinese servers, but the DPC discovered otherwise in February 2025, eventually leading to a second investigation.
TikTok has been the subject of scrutiny in the West over its data storage and handling polices for a while now. Outside of the two DPC inquiries, national security concerns regarding spying and unauthorised use of collected user data are what the app is targeted for usually.
While TikTok has improved its policies to stay relevant and prevent being banned in the EU and the US, providing false information to the DPC has once again put both the app and ByteDance, its creator, into jeopardy. The app has also been sued for violating child privacy laws by the US Department of Justice and Federal Trade Commission (FTC) in the past.
In the News: British NCA arrest four for hacking M&S, Co-op, and Harrods
