TikTok Accused of Ongoing Data Transfers to China

tiktok data transfer china

TikTok is facing renewed scrutiny in Europe after Norway’s data protection authority accused the platform of continuing to send users’ personal data to China, despite a major EU fine and escalating regulatory pressure over cross‑border transfers. The allegations deepen long‑running fears that information about European users could be exposed to Chinese state surveillance under Beijing’s sweeping national security and intelligence laws.

Norway’s Watchdog Sounds Alarm

Norway’s Data Protection Authority (Datatilsynet) said this week that TikTok has notified European users it intends to continue transferring their personal data to China, triggering fresh concerns about privacy and legal compliance under EU rules. In a written statement, the regulator said TikTok’s own messaging to users confirmed that European and Norwegian user information would keep flowing to staff based in China.

Officials warned that such transfers carry significant risks because Chinese legislation can oblige companies to assist national intelligence agencies, potentially forcing TikTok’s Chinese owner ByteDance to hand over data if requested. The Norwegian authority stressed that while it is difficult to predict whether Chinese authorities will actually access the data, the very possibility raises red flags under strict European privacy standards.

EU’s €530 Million Fine Sets the Stage

Norway’s move comes months after Ireland’s Data Protection Commission (DPC), the lead privacy regulator for TikTok in the EU, imposed a €530 million (around 600 million dollars) fine over unlawful transfers of European users’ data to China. The DPC concluded that between 2020 and 2023 TikTok breached the General Data Protection Regulation (GDPR) by sending personal data from the European Economic Area (EEA) to China without ensuring an equivalent level of protection.

The Irish watchdog found that TikTok failed to adequately address the risk of access by Chinese authorities under China’s anti‑terrorism, counter‑espionage, cybersecurity and national intelligence laws, which it said diverge materially from EU privacy safeguards. Regulators also criticized the company’s lack of transparency, noting that TikTok had not clearly explained to users where their data was being sent or who could access it, a key requirement under GDPR.

Remote Access, Servers in China – And Inaccurate Evidence

A particularly sensitive element in the Irish decision was the revelation that some European user data had in fact been stored on servers in China, contradicting earlier assurances from TikTok during regulatory inquiries. TikTok had told the DPC that EEA user data was only subject to “remote access” from China and not stored there, but later admitted discovering in February 2025 that a limited amount of such data was indeed kept on Chinese servers.

The DPC said it was “deeply concerned” that TikTok had submitted inaccurate information during its previous investigation, and opened a new inquiry specifically focused on transfers of EEA users’ personal data to servers in China. The fresh probe will examine both where data is physically stored and how transparent TikTok is about third‑country transfers, amid growing pressure on companies to give users clear, verifiable information on cross‑border flows.

Orders to Fix Transfers – Or Stop Them

Alongside the blockbuster fine, the Irish authority ordered TikTok to bring its processing into compliance with GDPR within six months. If it fails to do so, the regulator has signaled that TikTok’s transfers of European user data to China could be suspended, effectively cutting off routine access to that data by Chinese‑based staff.

European regulators stressed that TikTok must “verify, guarantee and demonstrate” that any data sent to China benefits from protections comparable to those inside the EU, including safeguards against unjustified state access. For now, TikTok continues to transfer data while it appeals the DPC decision, exploiting the fact that enforcement measures can be temporarily paused while legal challenges are underway.

TikTok’s Defense: No Data Given to Beijing

TikTok has rejected the central allegation that its data transfers expose users to Chinese state surveillance, insisting there is no evidence it has shared European user information with Chinese authorities. The company says it has never received a formal request from Chinese government bodies for EU user data and has never provided such information, portraying itself as unfairly targeted compared with other global tech firms.

In public statements, TikTok argues that the Irish decision relates mainly to historical practices that have since been abandoned, and points to large infrastructure investments aimed at keeping European data within the region. The platform warns that the ruling could have broad repercussions for multinational companies that rely on globally distributed engineering teams, which often need access to data across borders to maintain and improve services.

Project Clover: Local Data, Global Scrutiny

To reassure European governments, TikTok has launched “Project Clover,” a multi‑billion‑euro initiative to localize storage of EU user data in dedicated regional data centers. The company says it plans to invest around €12 billion in facilities within the European Union, where data from users across the bloc would be stored and processed under enhanced oversight.

Despite these efforts, regulators remain unconvinced that local storage alone solves the problem, because engineers and staff in China may still be able to access data remotely even if it is physically housed in Europe. Watchdogs have emphasized that GDPR is concerned not only with where data sits, but also with who can access it and under what legal regime, bringing Chinese national security laws squarely into the debate.

Norwegian Concerns: Chinese Law and Uncertain Risks

Norway’s complaint is centered on precisely this tension between data location, access rights and foreign legal frameworks. The Norwegian DPA says TikTok’s ongoing transfers raise the risk that Chinese law could compel the platform to share information about European users with authorities in Beijing, even if such access has not yet occurred.

The watchdog’s section head, Tobias Judin, warned that these practices may have serious consequences for privacy, although regulators cannot predict how the data might be used in the future. Norwegian officials note that the issue is not just theoretical, given the breadth of China’s 2017 National Intelligence Law, which mandates that organizations and citizens “support, assist and cooperate” with intelligence work if called upon.

User Warnings and Growing Public Awareness

One of the most visible changes in recent months has been a new wave of in‑app notifications to European users, explicitly informing them that their data may be transferred to or accessed from China. Privacy advocates say these disclosures were prompted by regulatory pressure and court requirements, highlighting concerns that TikTok had not previously been transparent enough about international data flows.

European privacy site GRC Report notes that regulators have identified TikTok’s transfers to China as unlawful under GDPR, yet the company continues the practice while its appeal is pending. This combination of ongoing transfers, formal warnings and legal uncertainty is fuelling public debate about whether TikTok can be trusted with the personal data of millions of European users.

Wider Wave of Complaints Against Chinese Platforms

TikTok is not the only Chinese‑linked platform in the regulatory spotlight. European privacy group noyb has filed multiple GDPR complaints against TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi, alleging unlawful transfers of EU personal data to China. The complaints argue that many of these services fail to provide a lawful basis and adequate safeguards for sending data to jurisdictions with weaker privacy protections.

These coordinated challenges underscore a broader shift in European enforcement, from focusing on U.S. tech giants under the transatlantic data‑transfer regime to directly targeting Chinese companies and apps. Regulators are increasingly framing Chinese national security legislation as structurally incompatible with EU notions of fundamental rights and data protection, complicating efforts to design standard contractual clauses or technical controls that can satisfy GDPR requirements.

Fresh Irish Investigation Deepens Pressure

In July, Ireland’s DPC escalated its scrutiny by opening a new EU‑wide investigation into TikTok’s transfers of European user data to China, prompted by the company’s admission that some EEA data had been stored on Chinese servers. The inquiry will revisit the scope of TikTok’s transfers, the accuracy of the information it previously provided to regulators, and whether users have been properly informed about where their data resides and who can access it.

The DPC also intends to verify TikTok’s compliance with transparency obligations for third‑country transfers, a recurring weakness flagged in earlier enforcement actions. This new probe comes as TikTok is already appealing the €530 million fine, meaning the company is now defending itself on multiple legal fronts across Europe.

A Test Case for EU–China Data Flows

The outcome of the TikTok cases is likely to set a precedent for how European regulators handle data transfers to China across the technology sector. Legal experts note that the Irish decision explicitly found that Chinese national security and intelligence laws make it difficult to guarantee an “essentially equivalent” level of protection to that enjoyed inside the EU, a core standard under GDPR for international transfers.

If this reasoning is upheld in court, companies relying on engineering teams or cloud infrastructure in China may find it almost impossible to justify routine access to EU personal data, regardless of technical safeguards. That could accelerate a trend toward data localization, fragmentation of global platforms and the emergence of parallel digital ecosystems divided along geopolitical lines.

TikTok’s Balancing Act: Business, Compliance, Trust

For TikTok, the stakes go beyond regulatory fines. Europe is one of the platform’s largest markets, with an estimated 150‑plus million active users across the EU, and losing the ability to process their data efficiently would hit both operations and revenue. At the same time, any perception that user data is vulnerable to foreign state access risks damaging the brand and fuelling political calls for bans or forced divestitures, as seen previously in the United States and other jurisdictions.

The company is trying to navigate this minefield by combining legal appeals, infrastructure investments like Project Clover and public messaging that emphasizes security, independence and cooperation with regulators. Yet Norway’s latest accusation that TikTok continues with controversial data transfers to China suggests that, for now, questions about trust, transparency and sovereignty remain far from resolved.

What Comes Next for Users and Regulators

In the months ahead, several developments will be closely watched:

  • Court challenges to the Irish DPC’s €530 million fine, which will test how far EU regulators can go in restricting data flows to China on the basis of foreign security laws.

  • The outcome of the new Irish investigation into stored EEA data on Chinese servers, which could lead to further sanctions or binding orders on data routing and access controls.

  • Possible coordinated enforcement actions by other European regulators, including Norway and the Netherlands, where authorities have already warned users that TikTok continues to send data to China.

For everyday users, the controversy serves as a reminder that engaging with global platforms increasingly involves geopolitical as well as personal‑privacy calculations. Whether TikTok can convincingly demonstrate that its European operations are insulated from China’s security apparatus will likely determine not only its regulatory fate in Europe, but also the broader trajectory of EU–China digital relations


Subscribe to Our Newsletter

Related Articles

Top Trending

Technical SEO Fixes With High ROI
7 Technical SEO Fixes With High ROI
best math apps kids
20 Best Math Apps for Kids for Fun and Interactive Learning [Personally Tested]
How passkeys work
Passkeys Explained: How Passwordless Login Works and What Can Go Wrong
Introducing Programming To Young Kids
Introducing Programming To Young Kids
getting Pentakill League of Legends
Getting Pentakills in 2026: With My Main Shaco

Fintech & Finance

Customer Call Compliance
How Can Financial Institutions Manage Customer Call Compliance?
Higher 401k Limits Retirement Savers
What Do Higher 401(k) Limits Mean for Retirement Savers in 2026?
ELSS SIP Calculator
ELSS SIP Calculator: Tax Saving + Wealth Building Explained
Tracking Small-Cap Stocks on Fintechzoom.com Russell 2000
Fintechzoom.com Russell 2000: The Complete Guide to Tracking Small-Cap Stocks in 2026
Organizational Bottlenecks and How to Address Them
10 Organizational Bottlenecks: Here’s How to Address Them

Sustainability & Living

Smart Home Sustainability
Smart Home Sustainability: Which Devices Actually Help and Which Ones Just Add Clutter
vote with your wallet
10 Ways to Vote With Your Wallet and Make Every Purchase Count
environment impact of plant-based diet featured image. Plant based meal with legumes, grains, vegetables, and a globe showing the environmental value of sustainable food choices.
The Environment Impact of Plant-Based Diet Choices
Swedish supply chain traceability platforms
6 Swedish Supply Chain Traceability Platforms Transforming Global Industries
Local Climate Actions
11 Local Climate Actions That Compound Beyond One Household

GAMING

getting Pentakill League of Legends
Getting Pentakills in 2026: With My Main Shaco
Sequels Replaced Innovation
How Sequels Replaced Innovation and Generalized AAA Gaming
Open World Fatigue. Gamer overlooking a vast open world filled with map markers, showing how open world fatigue starts when exploration becomes overwhelming
Open World Fatigue Is Real and AAA Games Caused It
Play to Earn Models Featured Image of a Gamer exploring a futuristic fantasy game economy with digital assets, rewards, characters, and collectible items, helping viewers understand how Play to Earn Models connect gameplay with ownership.
Top 10 Gaming SMEs Specializing in Play to Earn Models in the United States
Crunch Culture Coverup featured image. Exhausted game developer working late in a dark studio, showing how the crunch culture coverup hides the human cost behind AAA game production
The Crunch Culture Coverup Is Gaming’s Ugliest Secret

Business & Marketing

Human Skills in the Age of AI
11 Human Skills in the Age of AI That Become More Valuable at Work
Best Founder Resources
23 Best Founder Resources: A Practical Guide for Early-Stage Startups
Best Free Courses Aspiring Founders
The 7 Best Free Courses Aspiring Founders Should Take Before Building
best templates founders
11 Best Templates Founders Need to Build Smarter
Enter a new country without legal entity
The Fastest Way to Enter a New Country Without Establishing a Legal Entity

Technology & AI

Technical SEO Fixes With High ROI
7 Technical SEO Fixes With High ROI
How passkeys work
Passkeys Explained: How Passwordless Login Works and What Can Go Wrong
Introducing Programming To Young Kids
Introducing Programming To Young Kids
Cybersecurity Plan For Schools And Colleges
Cybersecurity Plan For Schools And Colleges: A Practical Guide
Measuring Content Performance Effectively
Measuring Content Performance Effectively

Fitness & Wellness

aromatherapy products and diffusers
10 Aromatherapy Products and Diffusers Worth Bringing Home
Electric Massage Ball for Spine Injury
Living With Spine Injury: How to Try an Electric Massage Ball Without Rushing It
A Complete Guide on TheLifestyleEdge com
The Lifestyle Edge: Your Complete Guide to Wellness and Modern Living
Stretching Accessories That Make a Difference
7 Stretching Accessories That Make a Difference for Flexibility, Mobility, and Recovery
air quality wellness devices
13 Air Quality and Wellness Devices Worth Considering for a Healthier Home