European Commission bans TikTok from staff gadgets

Cyber Europe cyber worried about cyber threats, doesn't cyber use the other C word (China)


The European Commission on Thursday banned the use of the TikTok short video app on corporate devices and on the personal devices of employees enrolled in the commission's mobile device management service.

The ban was enacted to enhance cyber security at the behest of the commission's Corporate Management Board, which oversees and coordinates management issues for the EU's executive arm.

"This measure aims to protect the commission against cybersecurity threats and actions which may be exploited for cyber-attacks against the corporate environment of the Commission," the EC said in a statement. "The security developments of other social media platforms will also be kept under constant review."

The commission's statement cites the need to protect staff from a rising number of cyber threats but fails to explain why TikTok was singled out.

For the other government entities around the globe that have disallowed TikTok for their respective employees or more broadly – India, Taiwan, at least 19 US State governments, including Maryland, South Carolina, and South Dakota, the US House of Representatives, and the US military, among others – the rationale for banning the social media app has been concern that the software could facilitate remote spying on behalf of Chinese authorities.

TikTok is owned by ByteDance, a Chinese company based in Beijing and incorporated in the Cayman Islands. The ByteDance leadership team operates largely out of Singapore, and TikTok's parent is currently 65 percent owned by Western investment firms. 

Despite this ostensibly distributed corporate footprint, the assumption among Western governments is Beijing could demand access to the data TikTok collects outside the Middle Kingdom or could demand the alteration of TikTok source code to facilitate intelligence gathering. And due to the unchecked power of the Chinese Communist Party within China, it's unlikely any company based there could get away with refusing to cooperate. 

Given the extent of data gathering by the US and its allies and the ease with which technology products can be turned into surveillance devices – to say nothing of the decades trying to convince China to respect foreign intellectual property claims or the recent Trump-initiated trade war – it's hardly surprising there's not much trust between America and China. This mistrust in turn, occurring amid China's effort to assert itself as a global superpower, has led to efforts to exclude China from the technology supply chain and has fueled China's aspiration to achieve technological self-sufficiency. 

TikTok, caught in the middle of the emerging geopolitical divide, has made gestures to mitigate security concerns, such as turning to Oracle to host the data of US users. But executives with the app's parent company have failed to provide the answers that US lawmakers would like to hear. 

In a Senate hearing last September, TikTok chief operating officer Vanessa Pappas was asked by Senator Rob Portman (R-OH) whether she "will commit to cutting off all data and metadata flows to China, Chinese-based TikTok employees, ByteDance employees, or any other party located in China?"

Pappas declined to make that commitment, instead promising only that "our final agreement with the US government will satisfy all national security concerns."

TikTok's cause has not been helped by a recent report that ByteDance employees had tracked the locations of journalists who had published articles critical of the company.

TikTok did not respond to a request for comment about the European Commission ban, though on Wednesday the company published a rebuttal to a report from US-Australian cybersecurity firm Internet 2.0 that rated TikTok as the worst app in terms of data collection among 23 chat and social media apps tested.

In its response the developer challenged Internet 2.0's methods and conclusions.

"Their results contained a number of inaccuracies that should cast doubt on the validity of their findings," TikTok said, adding, "We take our responsibility to safeguard people's privacy and security seriously and devote considerable resources to achieve this goal."

If only reassurance were enough. ®
