Spain: Data protection authority issued user recommendations regarding TikTok’s international data transfers

On 22 December 2025, the Spanish Data Protection Agency issued user recommendations stating that TikTok continues to transfer European users’ personal data to third countries, including China, despite prior findings by European data protection authorities that such transfers do not comply with the General Data Protection Regulation (GDPR). The Agency noted that an Irish court temporarily lifted the suspension on these transfers pending a final ruling, but only subject to TikTok meeting strict transparency obligations. It emphasised that the previous GDPR non-compliance assessment remains valid and under judicial review. The authority also urged users, particularly younger users, to carefully read privacy notices, review application permissions, consider the risks of international data transfers, and avoid sharing sensitive personal information.