A spokesperson for the French data protection authority ("CNIL") has confirmed that CNIL launched an investigation against the social media platform TikTok, after receiving a data subject's complaint alleging that TikTok violated the EU General Data Protection Regulation (the "GDPR").

The CNIL investigation was initiated following a data subject's complaint relating to a request to delete a video on the social platform. The data subject alleged that TikTok has violated the GDPR right to be forgotten. But the investigation has since expanded to include issues related to transparency requirements about how TikTok processes user data; users' data access rights; transfers of user data outside the EU; and steps taken to ensure the data of minors is adequately protected.

TikTok is currently attempting to set its principal European establishment in Ireland. If successful, the investigation may be transferred to the hands of Ireland's Data Protection Commission.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.