Ireland’s Data Protection Commission said it remained concerned over accuracy of information provided by the company.
The European Union has launched a fresh privacy investigation into micro-video platform TikTok over the storage of European users’ data in China, the regulator announced on July 10.
Ireland’s Data Protection Commission (DPC) opened the inquiry as a follow-up to an earlier probe, which concluded on May 2 and resulted in TikTok being fined $620 million (530 million euros) for violating the EU’s data protection rules.
The DPC is serving as the bloc’s lead regulator for TikTok, owned by Beijing-based tech giant ByteDance, because the company’s European headquarters is in Dublin.
Due to its tax breaks, many tech firms are based in the Republic of Ireland.
The data regulator said that during the earlier investigation, TikTok had stated that personal data belonging to users in the European Economic Area (EEA) had only been accessed remotely and was not stored on servers located within China.
However, TikTok informed the DPC in April that it had discovered in February that users’ data had been stored in servers in China.
The DPC said that at the time, it was deeply concerned that the company had submitted inaccurate information and was considering what further regulatory action to take.
“As a result of that consideration, the DPC has now decided to open this new inquiry into TikTok,” the regulator said on July 10.
“The purpose of the inquiry is to determine whether TikTok has complied with its relevant obligations under the [General Data Protection Regulation] in the context of the transfers now at issue, including the lawfulness of the transfers.”
TikTok’s Response
In response, TikTok said it had notified the DPC of the rules breach, after it had embarked on data localization program Project Clover, which involves building three data centers in Europe in a bid to ease the bloc’s security concerns.
The company said: “Our teams proactively discovered this issue through the comprehensive monitoring TikTok implemented under Project Clover.
“We promptly deleted this minimal amount of data from the servers and informed the DPC. Our proactive report to the DPC underscores our commitment to transparency and data security.”
TikTok had said following the May 2 ruling that it would appeal against the DPC’s earlier decision.
A statement published on the social media platform’s website at the time said: “This decision has implications not just for TikTok, but for any company in Europe operating globally. We disagree with this decision and intend to appeal it in full.”