TikTok in Europe’s crosshairs: New allegations of personal data violations and illegal transfers to China.
The popular short‑video platform TikTok, owned by the Chinese company ByteDance, is facing a new wave of scrutiny in Europe.
This Thursday, the Austrian NGO noyb filed complaints in Belgium, Greece, and the Netherlands against TikTok, AliExpress, and WeChat for failing to comply with the European Union’s General Data Protection Regulation (GDPR).
The allegations claim these Chinese apps have not adequately responded to user requests regarding the handling of their personal data—a fundamental right guaranteed by EU law.
Furthermore, on July 10, the Irish Data Protection Commission (DPC) launched an investigation into TikTok over the storage of personal data on Chinese servers, raising fears of espionage and propaganda from Beijing. These legal actions could result in fines of up to 4% of the company’s global revenue—designed to deter future violations.
In May 2025, the DPC imposed a record €530 million fine on the platform for transferring European user data to servers in China without adequate safeguards, breaching GDPR Article 46(1). An additional €45 million was levied for failing to clearly disclose in its 2021 privacy policy that data would be stored in China.
TikTok apparently did not conduct the necessary assessments to mitigate the risk of Chinese government access under local security laws.
TikTok denies the allegations and has announced it will appeal, stating it has never shared European user data with the Chinese government.
The NGO noyb, known for its privacy activism, has escalated pressure on TikTok. Earlier, in January 2025, it filed similar complaints against six Chinese apps for illegal data transfers to Beijing.
While platforms like Shein, Temu, and Xiaomi responded to user requests, TikTok, AliExpress, and WeChat were flagged for providing incomplete answers or ignoring them altogether, noyb lawyer Kleanthi Sardeli criticized them for “collecting enormous amounts of data but refusing to give users full access, as required by law.”
These new complaints in three European countries aim to enforce GDPR compliance and seek fines that could total billions, given TikTok’s 1.5 billion global users.
The backdrop of these complaints is not merely technical but deeply geopolitical. Western governments—especially in Europe and the U.S.—have long expressed concern about TikTok’s ties to the Chinese government.
Owned by ByteDance, the platform remains under constant scrutiny over fears that user data could be used for espionage or propaganda by Beijing.
In 2023, the European Commission banned its staff from using TikTok on official or work-linked personal devices—a restriction adopted by several EU institutions, including the European Parliament. This move reflected growing wariness toward Chinese platforms amid rising East‑West tensions.
The €530 million fine in May was not the DPC’s first against TikTok. In 2023, it was fined €345 million for violations related to handling data of minors. This pattern of infringements reinforces the perception that TikTok has not taken Europe’s strict data‑protection rules seriously.
The Irish DPC, due to many tech giants—including TikTok—having their EU base in Ireland, has become a key regulator, also having fined firms like Meta, LinkedIn, and X.
TikTok has taken a defensive stance, insisting it uses EU‑approved standard contractual clauses to manage data transfers and denies any collaboration with Chinese authorities.
Privacy or Control?
The TikTok case raises a fundamental question: To what extent can tech platforms—especially those tied to authoritarian regimes—truly guarantee user privacy?
This situation goes beyond regulatory compliance; it’s a warning about the risks of allowing foreign companies with opaque political agendas to handle sensitive data of millions. The European Union, with its strict data‑protection framework, is sending a clear message: privacy is non‑negotiable.
About The Author
