TikTok tells European users its staff in China get access to their data

Privacy policy update confirms data of continent’s users available to range of TikTok bases including in Brazil, Israel and US

TikTok is spelling out to its European users that their data can be accessed by employees outside the continent, including in China, amid political and regulatory concerns about Chinese access to user information on the platform.

The Chinese-owned social video app is updating its privacy policy to confirm that staff in countries, including China, are allowed to access user data to ensure their experience of the platform is “consistent, enjoyable and safe”.

The other countries where European user data could be accessed by TikTok staff include Brazil, Canada and Israel as well as the US and Singapore, where European user data is stored currently.

TikTok’s head of privacy in Europe, Elaine Fox, said: “Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR [the EU’s general data protection regulation], we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data.”

Data could be used to conduct checks on aspects of the platform, including the performance of its algorithms, which recommend content to users, and detect vexatious automated accounts. TikTok has previously acknowledged that some user data is accessed by employees of the company’s parent, ByteDance, in China.

In a letter to Republican senators disclosed in July, TikTok’s chief executive, Shou Zi Chew, said a “narrow set of non-sensitive” US user data could be viewed by foreign employees if approved by a US-based TikTok security team. He added that none of the data were shared with Chinese government officials.

The privacy policy update, which applies to the UK, the European Economic Area, and Switzerland, and which goes live on 2 December, takes place against a backdrop of political and regulatory pressure over use of data generated by the app, which has more than a billion users worldwide.

The US President, Joe Biden, has scrapped executive orders from his predecessor, Donald Trump, ordering the sale of TikTok’s US business, but in their place he has asked the US commerce department to produce recommendations to protect the data of people in the US from “foreign adversaries”. The Committee on Foreign Investment in the US, which scrutinises business deals with non-US companies, is also conducting a security review of TikTok.

Ireland’s data watchdog, which has jurisdiction over TikTok across the EU, has also launched an investigation into “transfers by TikTok of personal data to China”.

Michael Veale, an associate professor in digital rights at University College London, said that under a recent EU ruling data transfers between the bloc and China would have to be vetted for security. “It is extraordinarily difficult to routinely send EU user data to China because contracts between a Chinese and a European company can’t prevent state access.”

Under an European Court of Justice ruling dubbed Schrems II, certain data transfers outside the EU must take account of “the level of protection”, with particular focus on access by state authorities, afforded to the user’s data at the other end.

Veale said China’s data laws could lead to questions being raised over the security of even limited data transfers. However he added: “I’m not convinced that the Chinese government’s focus is currently on spying on individuals’ TikTok data. They have other means to obtain private information. Growing and deepening an influential platform is itself a powerful goal.”

In a blog post last year TikTok said it was “aligned” with the regulatory direction set out by the Schrems II ruling.

In the UK, the Information Commissioner’s Office, the country’s data watchdog, is consulting on new guidance for data transfers post-Brexit. However, the government has paused a new data reform bill.

In October, TikTok denied a report in the business publication Forbes that it was used to “target” US citizens. Forbes had reported that it planned to track the location of at least two people via the video-sharing app.

In the privacy policy update Fox said TikTok did not collect “precise location information” from users in Europe, whether based on GPS technology or otherwise. In its current iteration the privacy policy states: “With your permission, we may also collect precise location information (such as GPS).”


Dan Milmo Global technology editor

The GuardianTramp

Related Content

Article image
TikTok denies report data used to track or ‘target’ US citizens
Chinese-based team at parent company ByteDance alleged by Forbes to have planned to collect location information

Dan Milmo Global technology editor

21, Oct, 2022 @10:15 AM

Article image
Your data is not destined for China, assures TikTok’s UK boss
The controversial app’s users are ignoring geopolitical battle over its digital security, says Richard Waterworth

Chris Stokel-Walker

23, Aug, 2020 @5:56 AM

Article image
TikTok unveils European data security plan amid calls for US ban
Move comes as White House backs bill that could give it power to ban Chinese-owned app nationwide

Dan Milmo Global technology editor

08, Mar, 2023 @5:29 PM

Article image
European Commission bans staff using TikTok on work devices over security fears
Parent company, ByteDance, says action is ‘misguided’ and has contacted commission to ‘set the record straight’

Mark Sweney

23, Feb, 2023 @12:58 PM

Article image
EU agrees draft text of pan-European data privacy rules
New rules will strengthen European citizens’ privacy protections, while a controversial proposal to raise ‘age of digital consent’ to 16 was devolved to member states

Samuel Gibbs and agencies

16, Dec, 2015 @11:30 AM

Article image
Meta dealt blow by EU ruling that could result in data use ‘opt-in’
Irish regulator fines Facebook owner €390m after EU rejects argument for use of data to drive personalised ads

Dan Milmo Global technology editor

04, Jan, 2023 @6:16 PM

Article image
Government’s secret post-Brexit plan must rule out the Singapore model
Whitehall should publish the findings of ‘Project After’ to clarify the direction of UK industrial strategy in the case of no-deal

10, Feb, 2019 @7:00 AM

Article image
From Facebook intern to the crosshairs of Congress: TikTok chief’s stellar rise
Shou Zi Chew, who joined ByteDance, the parent company in 2021, won’t let his children use the app

Mark Sweney and Johana Bhuiyan

23, Mar, 2023 @2:47 PM

Article image
BBC urges staff to delete TikTok from company mobile phones
Move comes after UK government bans app on government devices over fears of data being accessed by Chinese state

Matthew Weaver and Dan Milmo

19, Mar, 2023 @1:09 PM

Article image
TikTok ponders HQ in London after Donald Trump’s hostility
Video app’s owner ByteDance already has 800 of its European workforce in UK and Ireland

Rob Davies

03, Aug, 2020 @6:32 PM