The jingles have fallen silent; the dance crazes are no more. At least in the Berlaymont, the viral spread of the Chinese-owned video-sharing app TikTok has been halted.
On Wednesday, the deadline passed for European Commission staff to delete the application from their official phones, and any personal mobiles used for work. The ban was taken “to protect the commission against cybersecurity threats”, following a decision by its corporate management board.
It caused a domino effect as a string of other EU institutions followed suit.
The European Parliament banned staff from having the app on their devices and “strongly recommended” MEPs delete it in an email to lawmakers.
“Cybersecurity concerns have been raised on the usage of the social media platform TikTok, in particular regarding data protection and collection of data by third parties,” the parliament email read.
Several EU governments had already acted. Finland ordered government officials to delete the application last summer.
It is hard to keep up with the European governments either restricting the app for civil servants or ordering security assessments – Denmark, France, the Netherlands, Germany, Latvia, and now Slovakia.
Beyond the EU, civil servants have been restricted from using TikTok in Canada and Taiwan, which is reportedly considering an outright ban. The British government is also expected to announce a ban on the app for government officials, and has not ruled out wider restrictions.
India banned the app entirely back in 2020, in a move that shut down its market of 1.4 billion to dozens of Chinese applications simultaneously. It came at a moment of geopolitical tensions between the Asian powers following a skirmish between Chinese and Indian troops. The government called the app “prejudicial to sovereignty and integrity of India, defence of India, security of state and public order”.
Delhi’s approach is an inspiration to some in Washington. There, the question of whether to ban TikTok outright is a matter of hot debate, after a Bill to allow a nationwide restriction was introduced to Congress last week.
[ European Commission bans staff from using TikTok ]
Top US official Brendan Carr, a commissioner on the Federal Communications Commission, described India’s ban on TikTok as an “incredibly important precedent” in an interview with local outlet The Economic Times. He described TikTok as operating as a “sophisticated surveillance tool and that presents a serious national security threat”.
Is it? TikTok strongly denies any such thing. In statements, the company has described bans on its app as “based on misplaced fears and seemingly driven by wider geopolitics”.
In a charm offensive in Brussels aimed to stop the spread of bans, TikTok unveiled an initiative called Project Clover, an echo of a similar reassurance effort in the US dubbed Project Texas.
Project Clover would task an outside security company with auditing TikTok’s data protection measures and data flows. Two data centres located in Ireland were to play a role in this, as hubs for housing the personal information of its 150 million European users, along with a third data centre in Norway.
The risk of the Chinese state spying on user data is at the heart of concerns over the app.
Transfers of personal data by TikTok to China is under investigation by Ireland’s Data Protection Commission, along with its treatment of the data of minors, with whom the app is particularly popular. These issues are also the focus of a €2 billion lawsuit in the Netherlands that alleges the app violated the privacy of children.
The crux of worries in Washington are concerns that TikTok’s owner company ByteDance is subject to Chinese national security laws that oblige companies to hand over data if required to by the Chinese government. This is the same context that saw European countries begin to strip out Huawei components from their telecommunication networks.
[ Karlin Lillington: Long past time for closer scrutiny of TikTok ]
The risks were underscored when ByteDance admitted that employees in the US and China had accessed the IP addresses of journalists at BuzzFeed News and the Financial Times in an effort to pinpoint their locations and find out who had leaked them internal company documents.
Sceptics could fairly ask whether there are similar risks in the data-harvesting practices of apps developed in Silicon Valley. Mobile phones are a trove of intimate personal data that is at risk of exploitation, whether the company is headquartered in San Francisco or Shanghai.
The sudden urgency over TikTok is due to a belated reckoning with the extent of Beijing’s espionage and intellectual property theft, and fears that the Chinese Communist Party under Xi Jinping is willing to instrumentalise the operations of Chinese companies in the West to the party’s own ends.