Irish DPC Opens Probe of TikTok Data Transfers to China
TikTok transferred European Economic Area (EEA) users' personal data to servers in China, the Irish Data Protection Commission said Thursday as it launched a probe into the social media platform's activities.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The investigation follows an April 30 Irish DPC decision to fine TikTok $600 million (530 million euros) in a separate inquiry (see 2505020001). During that inquiry, TikTok asserted that its transfers of Europeans' personal data to China occurred via remote access only and that user data wasn't stored on Chinese servers, the DPC noted.
Based on those claims, the watchdog's April decision didn't consider data storage in China, it said. But in April, the company notified the DPC that it had discovered in February that some EEA user data had in fact been stored on servers in China.
The purpose of the latest inquiry is to determine if TikTok has complied with relevant General Data Protection Regulation (GDPR) requirements in the context of the data transfers now under investigation, the DPC said.
The probe will center on GDPR provisions on accountability, transparency of information regarding third-country transfers, cooperation with the DPC and compliance with requirements for third-country transfers, the watchdog noted.
TikTok "proactively discovered this issue through comprehensive monitoring," a spokesperson emailed us. "We promptly deleted this minimal amount of data from the servers and informed the DPC," underscoring the company's commitment to transparency and data security.