Nařízení Irské Vlády

Update on Irish GDPR ruling regarding "TikTok's transfer of EEA user data to China"

As explained in our Privacy Policy, TikTok provides certain entities within our group of companies based in China with remote access to some of our EEA users’ personal data. This transfer of personal data through remote access is subject to controls and is necessary to provide essential functions.

On 30 April 2025, the Irish Data Protection Commission (DPC) ruled that TikTok had breached the GDPR by transferring personal data to China between 2020 and 2023 without properly demonstrating, verifying and ensuring that the personal data would be protected at a level that was essentially equivalent to that guaranteed in the EU. The Commission ordered TikTok to comply with the GDPR in relation to this remote access. The decision also includes an order to suspend this remote access if the processing of the personal data concerned is not brought into compliance with the applicable regulations within the specified period. You can read the DPC’s decision here.

TikTok strongly disagrees with the DPC’s decision and is appealing it in full to the High Court of Ireland. On 14 November 2025, the Irish High Court, in that process, suspended the DPC’s decision, subject to this notice to users, pending TikTok’s appeal, and allowed the transfer of user data from EEA countries to China to continue in the meantime.

TikTok takes data protection and user privacy very seriously. We are the authors of Project Clover, a €12 billion strategic investment in European data protection that we believe is at the forefront of our industry and provides unparalleled protection for European users’ data:

• TikTok works with NCC Group, which independently oversees, reviews, and verifies our security and privacy measures, monitors personal data flows, provides independent verifications, and reports on any irregularities.
• Our European users' personal data is now stored by default in a dedicated European data repository, currently located in data centers in Norway, Ireland, and the United States.
• Strict access controls enforced by security gateways ensure that employees in China do not have access to limited personal data of European users, such as phone numbers or IP addresses, that is stored in our European storage.
• Advanced privacy-enhancing technologies anonymize some personal data that must flow globally to operate a global platform, providing further data protection.

Společnost TikTok komisi DPC během vyšetřování sdělila podrobnosti o projektu Clover. Komise DPC se ve svém rozhodnutí neztotožnila se závěrem společnosti TikTok, že tato opatření řeší komisí vznesené nedostatky. Společnost TikTok rozporuje, že se komise DPC projektem Clover skutečně zabývala. O těchto otázkách bude nyní rozhodnuto v rámci odvolání společnosti TikTok proti rozhodnutí komise DPC.

Bližší informace o předávání údajů společností TikTok najdete v našem oznámení o ochraně osobních údajů.