On 27 May 2025, TikTok filed an appeal at the High Court against the Irish Data Protection Commission's (DPC) EUR 530 million fine and its order suspending data transfers to China. Previously, on 2 May 2025, the DPC fined TikTok for violating the General Data Protection Regulation (GDPR) by unlawfully transferring personal data from the European Economic Area (EEA) to China. The DPC found that TikTok failed to ensure that Chinese law provided a level of data protection essentially equivalent to that required under EU law, as mandated under GDPR. Although TikTok used Standard Contractual Clauses (SCCs) and claimed that data transfers via remote access were not governed by the relevant laws and practices, TikTok’s own legal assessment provided during the inquiry revealed significant differences between Chinese and EU law. These included issues under China’s Anti-Terrorism Law, Counter-Espionage Law, Cybersecurity Law, and National Intelligence Law. The DPC concluded that TikTok neither adequately assessed these risks nor implemented effective supplementary measures, undermining its ability to guarantee lawful data transfers. While the company has since made structural changes under “Project Clover,” the DPC determined that a suspension of the data transfers was necessary and proportionate. TikTok has been ordered to bring its processing operations into compliance with GDPR within six months of the expiry of the appeal period.