Tiktok logo on smartphone showing TikTok ban by European Commission

TikTok Ban for European Commission Staff Over National Security Concerns

The European Commission and the European Council, the two largest policy bodies in the EU, are the latest government entities to implement a TikTok ban for staff. Officials said that there had not been any specific incidents that had prompted the decision, just general concerns about what access the Chinese government might have to user data and how it might make use of the app to promote its interests.

TikTok has been subject to similar bans by both federal agencies and state governments in the United States, for very similar reasons. It has also been banned in Taiwan over concerns about China’s reach, and in a handful of other countries due to pornography and gambling content; India also banned the app in the wake of its 2020 border skirmishes with China.

European Commission issues total ban on TikTok for staff

European Commission staff will not only have to keep TikTok off of work devices, but also personal devices that are enrolled in the body’s mobile device service (which is required to make use of various official apps and services that the body provides). A statement from the European Commission indicated that cyber security was a primary concern, but did not mention any specific threats tied to the TikTok ban.

TikTok expressed disappointment in the decision, saying that the European Commission had not reached out to it prior to the ban. The European Parliament indicated that it could follow with its own TikTok ban, issuing a statement saying that it is considering the European Commission evaluation and would be formulating recommendations to authorities in the near future.

European Commission staff have been instructed to remove the app from all applicable devices by March 15. The body has a staff of about 32,000 in total. It also said that the TikTok ban was considered “temporary” but did not establish conditions or a timeline for it being lifted.

The move follows a November 2022 privacy policy update from TikTok, which disclosed to EU users that staff in China (as well as numerous other countries) were able to access their personal data as part of routine operations. This in turn followed internal leaks that demonstrated that US user data, supposed to be stored in that country and Singapore (along with EU and other non-Chinese data) and siloed from the operations in Beijing, was being accessed more often by Chinese employees than the company had previously disclosed.

Chris Vaughan, AVP – Technical Account Management, EMEA at Tanium, sees the focus on TikTok bans as less about TikTok specifically and more about a broad long-term intelligence push to limit Chinese hardware and software in sensitive positions in the West: “These national bans are part of a wider issue about how much Chinese influence is deemed acceptable when it comes to national infrastructure and everyday life. We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted and Chinese computer chips being rejected. There have been numerous reports of Chinese efforts to sway politicians by way of lobbying and donations, and the public via social media and the spread of disinformation. Historically, Russia has been the most prominent user of information operations as we saw from its activities related to the 2016 US election and the Brexit referendum. China has been more focused on stealing intellectual property which it can then use to its own advantage. However, there are indications that the CCP will start to focus more on information and influence operations to achieve its strategic goals. Any instances of this need to be met head on by western political leaders who should take a strong stance against it at the government level, rather than leaving the responsibility to individual institutions like colleges.”

TikTok bans becoming more common around the world

There has yet to be any nefarious use of this personal data that anyone is aware of; the mid-2022 internal leaks revealed that Chinese engineers were being called in and given free reign more because TikTok staff in the US and other countries simply did not know how to do certain things. But China’s laws allow the government essentially free access to any data that flows across its borders, and the prospect of this has led to the recent series of preemptive Tiktok bans by assorted government agencies and localities.

Matt Marsden, VP and Technical Account Management at Tanium, sees this as a necessary prescriptive move: “This is a good start, but a more comprehensive approach needs to be taken to protect our citizens from social media campaigns designed to further foreign political objectives. Chinese intelligence tactics are focused on longer-term objectives and are fueled by the sustained collection of data. The immense collection of user data, to now include commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations. This data can be leveraged to deliver targeted, timely, and often personalized psychological operations against individuals or groups of citizens. This has been observed during election cycles and politically charged events in recent years.“

A report published in December 2022 did find that some TikTok staff were monitoring the accounts of journalists on the platform, however, ostensibly in a bid to identify internal sources that were leaking information to the media. Three Forbes journalists were allegedly monitored as part of something called “Project Raven,” as revealed by leaked materials. The executive overseeing the company’s internal investigation into the leaks, Song Ye, resigned after the news came out, and chief internal auditor Chris Lepitak was fired.

While world governments are increasingly willing to pull the trigger on TikTok bans, the phenomenon is still relatively new to Europe. The European Commission is the first major body in the EU to do so; previously it was only being discussed by Dutch politicians for a country-wide government ban there. Chew has been trying to head off moves such as these, having meetings with EU officials including a frank January discussion in which he was told the company has a lot of work to do to earn the trust of regulators. Chew next heads to the US in March to testify before Congress and attempt to calm fears of the app becoming a national security threat.

The European Commission and the European Council are the latest government entities to implement a TikTok ban for staff. This includes work devices and also personal devices enrolled in the body's mobile device service. #privacy #respectdataClick to Tweet

TikTok’s primary strategy by which to improve relations is data localization, and to that end it has already constructed a data center in Dublin (slated to open its doors sometime this year) and is in various stages of developing two more to be placed in Europe. It has also established a data center in Virginia that is up and running, and has announced plans to eventually store all US data within the country in an ongoing partnership with Oracle.