TikTok Users in Ireland Notified of Data Transfer Court Case

Irish TikTok users are receiving in-app notifications about an ongoing High Court case concerning the transfer of their personal data to China, following a judgment that allows the practice to continue during an appeal.

The notification, which appears when users log into the platform, informs them that the Data Protection Commission found TikTok had breached GDPR regulations between 2020 and 2023, but that the High Court has put the DPC's decision "on hold" pending TikTok's appeal.

The case centres on TikTok's practice of allowing certain entities within its corporate group located in China remote access to some personal data of European users. On 30 April 2025, the DPC issued a decision finding that TikTok had violated GDPR by failing to properly demonstrate that data transferred to China had protections essentially equivalent to those guaranteed within the EU.

The DPC's original decision included administrative fines totalling €530 million and ordered TikTok to suspend data transfers to China. The company was given six months to bring its remote access practices into compliance with GDPR, with a suspension order taking effect if compliance was not achieved.

TikTok appealed the decision to the High Court. On 14 November 2025, Justice Rory Mulcahy granted a stay on the DPC's suspension order, allowing data transfers to continue whilst the appeal proceeds. One condition of the stay was that TikTok must notify its users about the DPC's findings and the court's decision.

The notification received by Irish users states: "TikTok strongly disagrees with the DPC and is fully appealing its decision to the High Court of Ireland."

The company highlights its Project Clover initiative, described as a €12 billion investment in European data security, which includes independent oversight by NCC Group, European data storage in Norway, Ireland and the United States, strict access controls limiting Chinese employees' access to restricted data, and privacy-enhancing technologies.

According to court documents, TikTok has over 159 million monthly users across the European Economic Area. The judgment notes that whilst the DPC examined Project Clover during its investigation, it did not accept that these measures adequately addressed the concerns about data protection.

The High Court hearing examined complex questions about whether personal data remotely accessed in China receives equivalent protection to that guaranteed under EU law. TikTok argues its security measures provide adequate safeguards, whilst the DPC maintains the company failed to properly verify and guarantee such protection.

The substantive appeal is expected to be heard in March 2026. Until then, TikTok's data transfer practices will continue under the terms of the court's stay order.

Users can find more information about TikTok's data transfers in the platform's privacy notice, which is accessible through the app's settings.