Irish Supreme Court backs TikTok

Data transfers are the real story here — not just the fine. Ireland’s Supreme Court ruled on Thursday, April 30, that TikTok can keep transferring European user data to China while it appeals a major privacy enforcement decision. That does not erase the €530 million GDPR penalty or end the wider case. But it does buy TikTok time, and time matters when the regulator is trying to force a company to change how it moves data across borders. (irishtimes.com) ### What did the court actually decide? The narrow point was whether the Data Protection Commission could force its corrective orders to bite before TikTok’s full appeal is finished. The Supreme Court dismissed the DPC’s appeal, which means TikTok keeps the benefit of a stay and can continue the disputed EU-to-China data transfers for now. This was a procedural win, not a final ruling that TikTok complied with GDPR. (irishtimes.com)o do? Back on April 30, 2025, the Irish DPC fined TikTok €530 million and ordered corrective measures after investigating transfers of European Economic Area user data to China. The regulator said TikTok had breached GDPR transparency rules and the rules governing transfers to third countries. It also ordered TikTok to bring its processing into compliance and to suspend the transfers after the appeal window. (dataprot([irishtimes.com)measures-following)) ### Why is the number so big? Because the DPC split the penalty into two separate GDPR findings. €485 million was tied to Article 46 transfer failures — basically, the legal safeguards for moving data outside the EU. Another €45 million was tied to Article 13 transparency failures — what users were told, or not told, about where their data could go. So the headline figure is huge, but it comes from two different kinds of privacy breach. (dataprotection.ie) ### Why was TikTok able to keep operating during appeal? Irish procedure is the hinge. The fine itself was automatically paused on appeal, but the corrective orders were a separate fight. TikTok went to the High Court in late 2025 and won a stay on those orders, arguing that an immediate shutdown of the transfers could cause serious business harm before the legality of the DPC decision had been fully tested. Thursday’s Supreme Court ruling leaves that protection in place. (irishlegal.com) ### Why does China matter so much here? Because GDPR gets much stricter once European personal data leaves the bloc. The issue is not just that data moved, but whether the destination country offers protections that are effectively equivalent in practice, and whether the company can back that up with real safeguards. Regulators have been especially sensitive where government access risks are part of the picture. The fight is really about whether TikTok’s legal and technical protections were enough. (dataprotection.ie) ### Why does an Irish ruling matter for all of Europe? Ireland is the lead regulator for a long list of big tech companies with EU headquarters there. So when Irish courts slow, narrow, or reshape enforcement, the effects do not stay local. They ripple through the EU’s one-stop-shop system, where one national authority often takes the lead on bloc-wide cases. A procedural ruling in Dublin can therefore change the tempo of European privacy enforcement. (dataprotection.ie) ### Does this mean TikTok won the whole case? No — and that’s the catch. TikTok won an important interim fight over timing and enforcement, not the final argument over whether the DPC was right on the merits. The company still faces the underlying GDPR findings and the broader appeal process. But for now, the regulator cannot force the most disruptive part of its order while that fight continues. (irishtimes.com)tory deadline into a longer legal runway. The fine is still there, the privacy case is still alive, and the bigger EU battle over cross-border data transfers is still unresolved. But Thursday’s ruling shows how much of modern tech regulation gets decided not just by watchdogs, but by who can keep enforcement tied up in court the longest. (irishtimes.com)