This has not been a great week for TikTok. It lost one round against a UK fine and the Irish DPC has opened yet another investigation into their transfer and storage of data in China.
Elizabeth Greenberg reports:
TikTok has lost its first round of appeals against the UK Information Commissioner’s Office £12.7m fine issued in April 2023.
The fine was levied against the social media titan over concerns on its processing of personal data of under 13-year old children, finding that such processing was not in line with regulations in UK GDPR.
TikTok attempted to appeal the ruling, saying that its data processing was for artistic purposes, so ‘special provisions’ should be allowed under GDPR.
They lost this first round. Read more at Digit News.
Then the Irish DPC issued a second investigation into TikTok’s data transfer and storage:
The Data Protection Commission (DPC) has today announced that it has opened an inquiry into TikTok Technology Limited’s (TikTok) transfers of EEA users’ personal data to servers located in China. The inquiry follows on from the DPC’s decision of 30 April 2025, which also considered TikTok’s transfers of EEA users’ personal data to China under a separate inquiry. However, during that previous inquiry, TikTok maintained that transfers of EEA users’ personal data to China took place by way of remote access only and that EEA user data were not stored on servers located within China i.e. EEA user data were stored on servers located outside of China and were accessed remotely by TikTok staff from within China. Accordingly, the DPC’s decision of 30 April 2025 did not consider TikTok’s storage of EEA users’ personal data on servers located in China.
However, in April 2025, TikTok informed the DPC of an issue that it had discovered in February 2025, namely that limited EEA user data had in fact been stored on servers in China, contrary to TikTok’s evidence to the previous inquiry.
The DPC’s decision, which issued following the inquiry cooperation procedure with peer EU regulators under the GDPR One Stop Shop mechanism, expressed its deep concern that TikTok had submitted inaccurate information to that inquiry. In its press release issued at the time of the conclusion of that inquiry, the DPC stated that it was taking those developments “very seriously” and was “considering what further regulatory action may be warranted, in consultation with our peer EU Data Protection Authorities”. As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok.
Read more at DataProtection.ie. China has denied the allegations.