TikTok, China, and the EU: The Battle Over Data Sovereignty

In this episode, we explore the mounting scrutiny TikTok faces over its handling of European user data, with the EU’s Data Protection Commission (DPC) launching a fresh investigation into alleged transfers of data to China. TikTok, owned by Beijing-based ByteDance, is once again in the crosshairs for possible violations of the General Data Protection Regulation (GDPR) — this time following revelations that contradicted previous assurances given during a years-long inquiry.

At the heart of the episode lies the broader question: Who controls data in a globalized, politically fractured internet?

We delve into the intricate politics of data localization, examining how governments are increasingly treating data flows as matters of sovereignty and national security. With the EU enforcing a rights-based data protection regime and China emphasizing state-centric control through its Personal Information Protection Law (PIPL), companies like TikTok are navigating a legal minefield where compliance in one jurisdiction could mean noncompliance in another.

Topics discussed include:

• TikTok’s €530 million GDPR fine and the new inquiry sparked by undisclosed data transfers to Chinese servers.
• The role of Project Clover, TikTok’s €12 billion initiative to localize EU user data and build trust through European-based infrastructure and security auditing.
• How GDPR’s Article 46 requires equivalency in legal safeguards for any cross-border data transfers, and why Chinese laws such as the National Intelligence Law fail that test.
• The strategic enforcement power of the Irish DPC and how remote access, not just physical storage, is now classified as a “data transfer” under GDPR.
• The stark contrast between GDPR and China’s PIPL: one centers on individual rights and transparency, while the other prioritizes state surveillance and geopolitical control.
• The collateral damage to global cloud computing, API efficiency, and data redundancy when localization laws fragment digital ecosystems.
• Europe’s evolving stance toward Chinese tech firms—once seen through a commercial lens, now increasingly treated as security and sovereignty issues.

Through the lens of the TikTok case, this episode unpacks the new realities of digital governance, where data is power, and control over that data is rapidly becoming a tool of foreign policy. For enterprises and policymakers alike, the challenge is not just about compliance, but navigating a digital world divided by legal borders and political agendas.