Ireland's Data Protection Commission will determine in the near term whether to reimpose or modify sanctions on TikTok after a court ruling required the regulator to revisit its prior order to halt data transfers from the European Union to China.
The DPC, which acts as TikTok's lead privacy authority in the EU, previously fined the company c530 million and issued a directive that would block data transfers to China if TikTok did not bring its processing into compliance within six months.
Shortly after that suspension order was issued, the Irish High Court paused its implementation while TikTok appealed. In a ruling this month, the court affirmed the DPC's determination that TikTok violated EU privacy regulations, but it also instructed the regulator to reconsider the specific corrective measures that accompanied the fine.
Des Hogan, chair of the DPC, said the court's instruction to reassess the suspension order stemmed from a need for clearer explanation of how the regulator had weighed some of TikTok's submissions. The regulator must now reexamine and more explicitly document how those submissions were considered in deciding on corrective action.
In its May 2025 decision, the DPC concluded that TikTok had not proven that data accessed remotely by personnel in China received protections equivalent to those available within the EU. The regulator cited this shortcoming as leaving unresolved the possibility that Chinese authorities could gain access to EU user data.
The coming period will focus on the DPC's next steps: whether it will maintain the suspension order, alter the remedy, or take different measures consistent with the court's guidance. Until the regulator issues a clarified decision, the status of the suspension remains in legal and administrative flux.
Stakeholders will be watching how the DPC documents its reconsideration and the extent to which the regulator addresses the specific submissions the court found insufficiently explained.