As tensions between Beijing and the West continue, a number of governments have banned TikTok, the social media platform owned by the Beijing-based parent company, ByteDance, from work devices over cybersecurity concerns. Since February 23, three top European Union (EU) bodies suspended the use of TikTok on any devices enrolled in the Commission’s mobile device service.
Meanwhile, before the US federal ban was enacted, more than half of US states had their own bans on TikTok by February.
The European Commission sent an email on February 23, instructing its 32,000 staff members to remove the app from corporate devices or personal devices enrolled in the Commission mobile device service by March 15. Later the same day, the European Council implemented similar measures for its own 3,000 staff.
The European Parliament followed suit on Tuesday, telling its 8,000 officials that they need to remove the app by March 20. They further strongly recommended that members of European Parliament and their accredited assistants remove the app as well.
The Commission explained the ban as a measure “against cybersecurity threats and actions which may be exploited for cyber-attacks against the corporate environment of the Commission.”
This is the first time the Commission has suspended the use of an app for its staff. European Commission’s Chief Spokesperson, Eric Mamer, and Spokesperson for Internal Market, Defence Industry, Space, Education, Youth, Sport and Culture, Sonya Gospodinova, said the restriction was temporary and under “constant review and careful analysis.”
Although spokespeople for the Commission said that this was the result of “careful” analysis, they declined to reveal the information which led them to conclude that the app posed a significant cybersecurity and data risk for European officials.
Many European Commission officials use their own devices for work, in a situation that has been criticised from a cybersecurity standpoint. Staff members who choose to keep TikTok on these devices will no longer be suitable to join the Commission’s mobile device service.
Denmark’s Centre for Cybersecurity, part of the country’s foreign intelligence service, reported a “risk of espionage” from the popular app, resulting in the Danish government strongly recommending that officials delete the app from their work phones.
The US’s notice to government employees comes following the “No TikTok on Government Devices” Act, passed in December. The Act leaves some exceptions, such as for law enforcement activities, national security interests, and security researchers.
The Canadian government specified that their ban was a precaution, following advice from the Chief Information Officer of Canada, who determined the app to present “an unacceptable level of risk to privacy and security.”
My statement announcing a ban on the use of TikTok on Government of Canada mobile devices. pic.twitter.com/X8Zfuyz5p4
— Mona Fortier 🇨🇦 (@MonaFortier) February 27, 2023
The President of the Treasury Board, Mona Fortier, voiced concerns “about the legal regime that governs the information collected from mobile devices,” stating that “TikTok’s data collection methods provide considerable access to the contents of the phone.”
Meanwhile, the UK’s conservative Science, Innovation and Technology Secretary Michelle Donelan stated that Britain would not be emulating the EU in this, citing that TikTok would be a “personal choice” for officials.
“That would be a very, very forthright move … that would require a significant evidence base to be able to do that,” Donelan continued.
Meanwhile, earlier this month in Norway, which is not an EU country, Justice Minister Emilie Enger Mehl apologised for installing and using TikTok on her government-issued phone.
TikTok dubs bans “Political Theater”
TikTok spokesperson Brooke Oberwetter said on Monday that the US ban of TikTok on federal devices was “passed in December without any deliberation, and unfortunately that approach has served as a blueprint for other world governments. These bans are little more than political theatre.”
The company has consistently refuted the claims, and points towards governments for copying one another to ban TikTok without just cause.
Concerning Canada, one spokesperson said, “It’s curious that the Government of Canada has moved to block TikTok on government-issued devices — without citing any specific security concern or contacting us with questions — only after similar bans were introduced in the EU and the US.”
Caroline Greer, TikTok’s Director of Public Policy & Government Relations in Brussels, tweeted that the decision was “misguided and based on fundamental misconceptions.”
The European Commission's suspension of TikTok on corporate devices is misguided and based on fundamental misconceptions. We have requested a meeting to set the record straight.
— Caroline Greer (@CarolineGreer) February 23, 2023
She added that the company had requested a meeting with the European Commission to “set the record straight.”
The European Commission seemed to anticipate the criticism that TikTok did offer of Canada, that they had singled out the social media platform, stating that “The security developments of other social media platforms will also be kept under constant review.”
China backed the company’s complaints about the federal bans, claiming that the White House “has been overstretching the concept of national security and abusing state power to suppress other countries’ companies.”
“How unsure of itself can the US, the world’s top superpower, be to fear a favourite young person’s favourite app to such a degree?” Mao Ning added.
TikTok’s struggle in the West
TikTok does have a tense history with both European and Northern American governments when it comes to cybersecurity.
In late December, TikTok’s parent company, ByteDance, confirmed that it had used TikTok data in order to track the physical movements of several Forbes journalists in the US, in an effort to identify a leak in the company.
Just a few months earlier, in June, tapes leaked to BuzzFeed had recordings of TikTok employees discussing the access of American users’ data from China.
Related articles: EU War on Disinformation: Is Twitter Failing to Join the Fight? | How TikTok Lost Europe’s Trust | TikTok: China’s One-Way Mirror on the World? | U-Turn on Nudity Policy: Are Facebook and Instagram About to ‘Free the Nipple’? | Why Is it so Difficult to Delete a BeReal and Other Social Media Content? | Did Elon Musk Buy Twitter to Flirt With China and the Far-Right?
In January, the company’s CEO Shou Zi Chew flew to Brussels to meet with various officials, who cautioned the company over data concerns.
Vêra Jourová, the EU’s Commissioner for Values and Transparency, tweeted that “There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities.”
I count on #TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators.
There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities. pic.twitter.com/csKdCSOeMi
— Věra Jourová (@VeraJourova) January 10, 2023
Since then, TikTok has worked hard to allay concerns over data privacy and cybersecurity in Europe as well as the US. They committed to three new data centres in Europe, while participating in the EU’s Code of Practice on Disinformation.
They successfully submitted the first report on their handling of disinformation alongside other tech companies including Google, Microsoft, and Meta. Twitter, however, submitted an incomplete report, drawing strong criticism from the European Commission.
Throughout the company’s response to allegations of distrust, and in its first report for the aforementioned code, it consistently emphasises TikTok’s mission of “inspiring creativity and bringing joy.”
However, this message has not reassured everyone. In December, French President Emmanuel Macron called the platform “deceptively innocent.” Macron, who is active on the social media platform, criticised it for censorship, “hidden Russian propaganda,” and being a cause of “real addiction.”
In terms of data, the most prevalent concern is that the Chinese Communist Party (CCP) could compel the company to hand over data that it holds on European users.
Mike McCaul, the chairman of America’s House Foreign Relations Committee, claims the app is used by the CCP to “manipulate and monitor its users while it gobbles up Americans’ data to be used for their malign activities.”
This comes in the wake of increased strain between Washington and Beijing, following the shooting down of a Chinese “spy balloon” over the US in February, while the US strictly controlled exports of computer chips to China.
Nonetheless, Europe isn’t expecting the app to go anywhere. With 150 million users in Europe, the European Council included in its list of predictions for 2023 that the video platform may “eventually replace” Twitter. This might be why the suspension is temporary.
Meanwhile, some organisations have cautioned that the access China has to TikTok’s data is not much more harmful than other governments to other apps.
Evan Greer of Fight for the Future, a group that advocates for digital rights, said, “Unless we’re also [going to] ban Twitter and Facebook and YouTube and Uber and Grubhub, this is pointless.”
Yes, it’s possibly a bit easier for the Chinese government to gain access to data through TikTok than other apps, but there’s just so many ways governments can get data from apps,” Greer continued.
TikTok is currently having to defend itself on all fronts against accusations of potential data misuse. On February 22, TikTok released an official response to an unfavourable evaluation by Malcore, Internet 2.0’s malware analysis programme, that found TikTok to be “designed to collect data.”
“We welcome legitimate review of our platform,” said TikTok. Malcore, they argued, was not this. They pointed to lack of transparency in the process, and the arbitrary selection of its criteria as reasons that the analysis was bogus.
There’s no doubt that TikTok has worked hard to rebrand itself as transparent with its handling of data, launching transparency centres and reports. However, the new developments of governments banning the app on federal devices means that TikTok will struggle to continue its rebranding efforts.
The concrete proof of governmental distrust of the app, through the decisions of the EU bodies, the USA, and Canada, alongside the recommendations of the Netherlands and Denmark, will be a difficult hurdle for TikTok to overcome.
TikTok is already kept on a relatively short leash in answering to the countries’ data protection policies, and this may well continue to affect the marketplace for the app within these governments’ jurisdictions.
Editor’s Note: The opinions expressed here by the authors are their own, not those of Impakter.com — In the Featured Photo: Hand holds phone with TikTok logo. Featured Photo Credit: Solen Feyissa