The company, owned by Beijing-based ByteDance, has been grappling with mounting questions from U.S. policy makers over whether it jeopordizes national security. It rejects the notion it’s controlled by the Chinese government or that user data is at risk.

The 27-nation EU has some of the strictest data-protection laws in the world. The General Data Protection Regulation, or GDPR, gives EU authorities the power to fine companies as much as 4% of global annual sales for the most serious violations.

The EU group of regulators in their statement also expressed “concerns regarding certain developments in facial recognition technologies,” in response to questions about the use by police forces of such technologies by Clearview AI, a startup that’s scraped billions of photos from social media accounts with the aim of helping law enforcement find suspects without criminal records.

TikTok said in an emailed statement that the company’s “top priority is protecting our users’ privacy and safety” and that it is “happy to cooperate” with the EU watchdogs.

Representatives for Clearview AI didn’t immediately respond to an email seeking comment.

The EU authorities said they have “doubts” whether there’s a legal basis for using a service such as Clearview AI.

“As it stands and without prejudice to any future or pending investigation, the lawfulness of such use by EU law enforcement authorities cannot be ascertained,” the group said. “The use of a service such as Clearview AI by law enforcement authorities in the European Union would, as it stands, likely not be consistent with the EU data protection regime.”