TikTok faces a new European Union privacy investigation into user data sent to China, regulators declared yesterday.
The latest inquiry follows on an investigation earlier this year when the EU’s Data Protection Commission (DPC) fined the video-sharing app 530 million euros having concluded that it had left users vulnerable to possible spying by allowing staff in China remote access to their data.
Ireland’s national watchdog serves as TikTok’s lead data privacy regulator in the EU since the company’s European headquarters is Dublin-based.
TikTok previously informed the DPC that it did not store European user data in China, claiming that such data could be accessed only remotely by staff there. However, it retracted this claim later, admitting that some data had been stored on Chinese servers.
The Dublin-based watchdog indicated at the time that it would consider further regulatory action, hence the DPC decision “to open this new inquiry into TikTok,” the watchdog agency said. “The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the GDPR”, – the EU’s strict privacy rules, known as the General Data Protection Regulation.
Owned by China’s ByteDance, TikTok has been under close scrutiny in Europe over its handling of personal user information, which Western officials fear could present a security risk.
TikTok insists that it was the one that first notified the DPC about the issue, having launched Project Clover, a data localisation venture that included building three data centres in Europe to reassure EU officialdom about user data concerns.
“Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover,” a company statement declared, pointing out how it had “promptly deleted” this minimal amount of data from the servers and informed the DPC accordingly. “Our proactive report to the DPC underscores our commitment to transparency and data security.”
The GDPR demands that European user data can only be transferred outside of the EU bloc when safeguards are in place to ensure the same level of protection. However, China is not among the 15 countries and/or territories deemed to meet the EU’s standards for data privacy.
