Ukraine InvasionCybersecurityEnergyTravel IndustryAutos

TikTok admits China staff can access European user data as FCC commissioner urges app be banned

November 3, 2022, 1:59 PM UTC
TikTok claims it has never provided any data to the government of Xi Jinping, who has become the most powerful leader of the Chinese Communist Party since Mao Zedong.
Kevin Frayer—Getty Images

TikTok said it would allow Chinese staff remote access to personal data of its European users just days after a senior U.S. regulator called for the social media phenomenon to be banned.

In a blog post, the subsidiary of China’s ByteDance claimed it was making progress toward better data governance in Europe, but tacitly conceded a long-planned data center in Ireland slated to go online late this year was not yet up and running. 

As a result, data from users in the European Union, the U.K., Switzerland, and Norway would continue to be stored in the U.S. and Singapore—including shared personal data regarding their approximate location—and could be accessed by its staff in 10 countries around the world, including those in China. 

“We rely on a global workforce to ensure that our community’s TikTok experience is consistent, enjoyable, and safe,“ Elaine Fox, head of privacy for the European market, said in a statement on Wednesday.

The continued lack of guardrails on data privacy has prompted the Federal Communications Commission’s (FCC) highest ranking Republican, Brendan Carr, to call for TikTok’s ban, claiming a lack of confidence user data won’t find “its way back into the hands of the [Communist Party of China].”

Concerns over China have grown after Xi Jinping eliminated all internal rivals from the CPC’s highest decision-making body, the seven-member standing committee of the politburo, during the party’s regular five-year meeting last month. This paves the way for an unprecedented third term as president of the country and marks him as China’s most powerful dictator since Mao Zedong.

TikTok’s Fox argued on Wednesday that staff access to European user data would be granted to certain employees in a number of different countries subject to a series of “robust security controls and approval protocols” recognized under the EU’s General Data Protection Regulation.

The GDPR was created in part to address European concerns that tech companies in the United States can be compelled to provide data to American intelligence agencies.

“Our efforts are centered on limiting the number of employees with access to European user data; minimizing data flows outside of the region; and storing European user data locally,” Fox added.

No path forward apart from ban

A spokesman for the company told Fortune greater European data localization should improve once the site in Ireland is operational early next year following COVID-related delays.

He added that staff in several countries who have remote access to European user data reside in those that already enjoy an EU-approved equivalent level of data protection, such as Japan. In those countries that do not, additional steps would be taken to limit access to a minimum.

“We have never provided any data to the Chinese government,” the spokesman added.

Social media in general has come under heightened scrutiny, whether it is through revelations from Frances Haugen regarding Meta’s Facebook and Instagram or Peiter Zatko blowing the whistle on Twitter

TikTok has however come under particular fire owing in part to its parent being domiciled in China. It has also been accused of encouraging the spread of harmful behavior, such as the Blackout Challenge, which led to the death of a 10-year-old girl in December. 

More recently, the BBC caught it taking a substantial cut from refugee children forced to beg online by predatory TikTok guilds. Days later it increased the minimum age for livestreams.

As a result of such incidents, regulators have taken an increasingly critical stance against the platform, whose Chinese doppelgänger is called Douyin. 

“I don’t believe there is a path forward for anything other than a ban,” FCC commissioner Carr told Axios on Tuesday

TikTok is currently in negotiations with CFIUS, an interagency committee that conducts national security reviews of foreign companies’ deals, to determine how it can remain operational in the United States.

“Commissioner Carr has no role in or direct knowledge of the confidential discussions with the U.S. government related to TikTok and is not in a position to discuss what those negotiations entail,” the TikTok spokesman told Fortune. “He appears to be expressing his personal views, independent of his authority as an FCC commissioner. We are confident that we are on a path to reaching an agreement with the U.S. government that will satisfy all reasonable national security concerns.”

Sign up for the Fortune Features email list so you don’t miss our biggest features, exclusive interviews, and investigations.