EU Resumes Data Storage Practices
In a recent turn of events, the Irish Data Protection Commission (DPC) has imposed a €530 million fine on TikTok, the popular social media platform, for insufficient data protection measures for European users. The fine, announced in early May, is the second highest ever imposed by the DPC and follows an investigation into TikTok's data storage practices.
The DPC, responsible for monitoring TikTok and other online companies with their EU headquarters in Ireland, launched an investigation into TikTok due to concerns that personal data from European users was being stored on servers in China. TikTok, owned by the Chinese Bytedance conglomerate, has been under scrutiny for years, with critics raising concerns that Beijing could use the network for spying purposes.
Despite TikTok's claim that European Economic Area (EEA) user data were not stored on servers in China but were accessed remotely by TikTok staff from within China, it was revealed in early 2025 that a limited amount of EEA user data had, in fact, been stored on servers in China. This contradicted TikTok's previous assertions.
Primarily, TikTok's user data is stored in protected data centers located in the United States, Malaysia, and Singapore. The company has announced plans to open a data center in Ireland. TikTok uses encryption to protect data both at rest and in transit, with encryption keys managed by a US-based security team.
In response to the findings, TikTok described the incident as a "technical problem" that it was voluntarily disclosing in the interest of "transparency". The data on the Chinese servers had been deleted. However, the DPC expressed "deep concern" to TikTok for providing "inaccurate information".
The aim of the new investigation launched by the DPC is to "determine whether TikTok has complied with its relevant obligations under the EU General Data Protection Regulation". TikTok has announced that it will appeal against the €530 million fine.
With 1.5 billion users worldwide, TikTok remains a significant player in the social media landscape. Despite the controversy, it continues to be particularly popular among young people. The company has emphasized its commitment to user privacy and security, and it will be interesting to see how this situation unfolds in the coming months.
- The Irish Data Protection Commission (DPC) has shown concern over TikTok's community policy, as it contravened the EU General Data Protection Regulation by storing limited European user data on servers in China.
- In the realm of policy-and-legislation, TikTok's employment policy will face scrutiny as the DPC investigates the company's compliance with the EU General Data Protection Regulation, particularly regarding data-and-cloud-computing practices.
- The general-news and politics spheres have seized on the TikTok case, as a major social media platform's handling of technology and data privacy issues continues to raise questions about the potential risks and power dynamics in the global digital landscape.
