TikTok starts court battle to save China ties
POLITICO - Tuesday, March 3, 2026DUBLIN — TikTok on Tuesday began a defense of how it handles Europeans’ privacy and data in a court case that will define how Chinese-owned companies in Europe deal with Beijing’s spying laws.
The popular social media app is going head to head with the Irish Data Protection Commission — Europe’s most powerful privacy regulator, which oversees tech giants including Meta, X and Google.
At stake in the Irish court battle is whether TikTok is allowed to transfer personal data of Europeans to China.
The company, which is owned by Chinese giant ByteDance, is challenging a €530 million fine by the Irish regulator last year, when officials found it had allowed Chinese staff to access Europeans’ data — but failed “to verify, guarantee and demonstrate” that the data was properly protected.
The Irish regulator wants TikTok to shut off data flows to China, unless it can prove its user information is safe from Beijing’s invasive surveillance and intelligence laws.
The case is a major test for Europe’s privacy rulebook, the General Data Protection Regulation (GDPR), and how it protects Europeans when their data is transferred to China. It comes as Europe is facing transatlantic pressure, forcing the bloc to revisit trade ties with Beijing, despite long-held security concerns over the Chinese government’s data snooping practices.
Lawyers faced off Tuesday in Dublin’s top courts building, for the start of a grueling 10-day hearing, sparring over how to interpret the limits of Chinese laws and the merits of TikTok’s data practices.
“The consequences of [the Irish regulator’s] decision are immense, even for a very large organization like TikTok,” the firm’s senior counsel Paul Gallagher told the court, estimating the cost of complying with the Irish order to run as high as €5 billion.
If judges side with the Irish regulator, that could ultimately force TikTok to unplug from China entirely to continue serving European users — just months after it split off its U.S. operation into a new app, under the control of a group of investors led by Silicon Valley giant Oracle and investment firms Silver Lake and MGX, to alleviate long-standing American data security concerns.
TikTok has estimated that it would cost billions for it to comply with the Irish regulator’s demand to cut off data flows, and would involve relocating thousands of its workers outside of China.
Data access woes
The Irish regulator slapped TikTok with the privacy fine last May after it found the platform couldn’t guarantee the data of its 159 million monthly users in Europe were safe from China’s “problematic” surveillance laws.
“This is all about what TikTok have described as the relevant laws, and what the [Data Protection Commission, or DPC] have described as the problematic laws,” said TikTok’s senior counsel Gallagher, who is also a former attorney general for the Irish government. “We don’t think they are problematic, because we think they don’t apply. The DPC thinks they are problematic, because it thinks they do apply.”
The fine was one of the highest the Irish regulator has handed out since it started enforcing the GDPR in 2018.
It followed years of scrutiny from security and privacy authorities, as Western governments increasingly viewed TikTok as a threat.
TikTok is owned by Beijing-based ByteDance, and staff in China have remote access to some European user data stored outside the country. In details shared with the Irish regulator during the investigation, TikTok said that the kind of data accessed by staff in China could include usernames and account holder details, interaction and activity data, and other personal data.
It said the company didn’t intend to collect sensitive data about users, but it “may be collected incidentally or uploaded” by users, and staff needed to have “restricted and limited” access for research, security, analytics and other services.
TikTok has said Chinese laws don’t apply to its data, which it stores outside of China, and has said it has never been asked to hand over data to Beijing’s authorities.
The firm already launched a massive campaign to alleviate European politicians’ security concerns in 2023, when it presented what it called “Project Clover,” a €12 billion plan designed to store data in Europe, overseen by a European security company. It mimicked a U.S. campaign called “Project Texas,” which promised similar controls to the U.S. in 2020.
But the moves failed to persuade politicians. The EU already cracked down on TikTok for its own officials when it banned the app on their phones in 2023, a move that was followed by many governments across Europe.
China vs. US
The TikTok case is also forcing Europe to deal with a blind spot: data flowing to China has, so far, been left largely unscrutinized.
The EU has skirmished with American authorities for years over how to protect Europeans’ personal data from mass surveillance programs uncovered by whistleblower Edward Snowden in 2013.
Data transfer agreements crafted by the EU and U.S. have been repeatedly wiped out by Europe’s top court over surveillance concerns.
For data flowing to China, though, few cases have tested how companies protect Europeans’ data when it comes within reach of Beijing’s surveillance authorities.
The Irish regulator’s decision to fine TikTok meant the “screw is turning” on data flows to China, Joe Jones, research director at the International Association of Privacy Professionals, said after the decision came out.
“We’ve had over a decade of EU-U.K., EU-U.S. fights and sagas on [data flows]. This is the first time we’ve seen anything significant on any other country outside of that transatlantic triangle — and it’s China,” Jones said.