The Irish national watchdog, serving as TikTok’s lead data privacy regulator in the EU, has found that the company failed to ensure that European users’ personal data accessed by staff in China was protected to a level equivalent to that guaranteed within the EU. TikTok disagreed with the decision and plans to appeal, citing its data localisation project, Project Clover, which includes stringent data protections and independent oversight.

The investigation found that TikTok’s privacy policy did not adequately disclose data transfers to third countries, including China. The company also provided inaccurate information to the regulator about storing European user data on Chinese servers. TikTok insists it has never received a request for European user data from Chinese authorities and has never provided such data.

The decision is part of ongoing scrutiny of TikTok’s data handling practices amid concerns over user data security. The Irish watchdog is considering further regulatory action.