Skip to main content
CybersecurityPrivacy & Surveillance

TikTok Faces New EU Data Privacy Concerns Over China Links

TikTok Faces New EU Data Privacy Concerns Over China Links

“Who holds the keys to your digital life?” This question, once the domain of science fiction, now looms large over millions of European TikTok users. Just two months after the social media titan was hit with a staggering €530 million fine for privacy violations, the European Union has initiated a fresh investigation—this time probing the possibility that TikTok’s user data may be accessible in China. As concerns deepen over cross-border data flows and geopolitical tensions rise, the investigation poses critical questions about privacy, sovereignty, and trust in the digital age.

TikTok, owned by the Chinese company ByteDance, has rapidly become a global phenomenon, captivating younger generations with its addictive short-video format. Yet beneath its playful veneer lies a complex web of data collection practices that have triggered alarms in regulatory circles. In December 2023, the EU’s data protection watchdog imposed the €530 million fine, citing TikTok’s failure to adequately protect minors’ personal data—a move that signaled growing regulatory rigor.

Create an image that symbolizes privacy concerns in the context of app usage. The central element should be a realistic and detailed smartphone displaying the 'privacy settings' menu with various symbols such as locks or shields. The background should consist of a map of Europe, subtly blurred to keep the focus on the phone. To represent the connection with China, include a digital, semi-transparent chain or dotted link from the phone to a map of China in the corner of the image. The style should be modern, employing a balanced use of color and negative space.

Now, the European Data Protection Board (EDPB) has launched a new probe into allegations that TikTok stores or otherwise exposes EU users’ personal data in servers located in China. According to the EDPB’s statement, the inquiry will assess compliance with the General Data Protection Regulation (GDPR), which strictly limits data transfers outside the European Economic Area unless equivalent protections are guaranteed. “Ensuring that personal data of our citizens is handled in accordance with EU laws is paramount,” said Wojciech Wiewiórowski, the European Data Protection Supervisor.

The backdrop of this investigation is more than regulatory nitpicking. It touches on fundamental concerns about data sovereignty and security in a world where geopolitical rivalries increasingly manifest in the realm of information technology. Critics argue that TikTok’s ties to China’s authoritarian regime raise the specter of state surveillance or data misuse. “There is a legitimate fear that user data could be accessed by the Chinese Communist Party under China’s national intelligence laws,” observes Dr. Mara Wilson, a cybersecurity analyst at the European Cybersecurity Institute.

On the other hand, TikTok officials have repeatedly asserted that EU user data is stored within Europe and Singapore, and that they operate a “transparency center” to demonstrate compliance. In a statement responding to the EDPB’s probe, TikTok maintained that “we do not provide user data to the Chinese government and comply fully with EU privacy laws.” They have also highlighted ongoing investments in “Project Clover,” an initiative designed to strengthen data security and privacy controls for European users.

For policymakers, the case underscores the difficulty of regulating fast-evolving tech platforms with multinational footprints. The GDPR, one of the world’s most stringent data protection frameworks, aims to safeguard user rights, but enforcement across borders remains challenging. “This investigation is not just about TikTok; it’s about setting a precedent for how digital platforms must navigate sovereignty and privacy,” commented Margrethe Vestager, the European Commission’s Executive Vice-President for Digital Strategy.

Users themselves stand at the crossroads of convenience and caution. While TikTok’s algorithm offers personalized content that keeps users engaged, many remain unaware of the extent to which their data is collected, shared, or potentially accessible beyond European borders. Privacy advocates warn of the “surveillance economy” where personal information becomes a commodity with opaque pathways and uncertain protections.

Moreover, the probe reflects wider international tensions between the EU, the US, and China over technology governance. The US has taken steps to limit Chinese tech influence citing national security, while the EU must balance economic interests with privacy commitments and strategic autonomy. As such, TikTok becomes a proxy in this broader contest, highlighting the geopolitical stakes intertwined with data privacy.

Ultimately, the EU’s new investigation into TikTok’s data storage practices demands more than technical compliance—it challenges societies to grapple with the broader question: In an interconnected world, who truly controls our digital identities and what safeguards are necessary to protect them? The answer may define not only TikTok’s future in Europe but the shape of global digital governance for years to come.