European regulators have intensified scrutiny of TikTok, accusing the Chinese-owned platform of continuing to transfer European user data to China despite previous sanctions. The Norwegian Data Protection Authority stated that users were recently notified that their personal information remains accessible to TikTok employees in China, a practice regulators fear could expose data to Chinese government surveillance under local laws. This aligns with warnings from the Dutch Data Protection Authority, which emphasized that users—particularly younger ones—remain insufficiently aware that their data is still being routed to China while TikTok appeals earlier regulatory rulings.
+2
In a separate legal challenge, the Austrian digital rights group noyb filed complaints alleging that TikTok illegally tracks users across third-party applications without consent. The group claims TikTok utilized the Israeli mobile analytics firm AppsFlyer to harvest sensitive data, including information from the dating app Grindr, which reveals sexual orientation—a category protected under Article 9 of the GDPR.
Additionally, noyb accused TikTok of violating data access rights by refusing to provide users with their complete data files, instead offering only “relevant” subsets. These developments follow a €530 million fine imposed by Ireland’s Data Protection Commission in May for similar data transfer violations.
