According to reports, TikTok is expected to face a substantial fine exceeding €500 million ($553 million) for transferring the personal data of European users to China. Bloomberg stated on Thursday that the data protection commission in Ireland, which oversees TikTok owner ByteDance’s European operations, may impose the penalty before the end of April.

The fine is a result of a four-year investigation into TikTok’s data handling practices. The investigation reportedly found that ByteDance violated Europe’s General Data Protection Regulation (GDPR) laws by transferring private user data to China, where it could be accessed by engineers. China is notorious for its widespread, high-tech surveillance.

Former Irish Data Protection Commissioner Helen Dixon stated in March 2021, when the investigation began, “TikTok tells us that EU data is transferred to the U.S. and not to China, however, we have understood that there is a possibility that maintenance and AI engineers in China may be accessing data.”

Ireland is taking the lead in this matter because, under the GDPR, the country where a company’s European operations are located is responsible for overseeing compliance and enforcement. ByteDance’s European headquarters are located in Dublin. Bloomberg reports that the decision date and amount of the fine have not been finalized and may still change.

Meanwhile, this is not the only challenge ByteDance is facing. The fate of TikTok’s US operations hangs in the balance as it approaches an April 5 deadline to find a buyer or face a ban in America. Possible outcomes include finding a buyer, with Amazon having thrown its hat in the ring, or its US investors rolling over their stakes into a new independent global company, or the deadline passing with another deadline extension.