The European Commission (EC) and Council of the EU announced on Feb. 23 that their employees would no longer have permission to use the popular social media app TikTok, a video hosting service owned by Chinese company ByteDance.
The EC executive body based its decision, which affects thousands of employees and contract workers, on “cybersecurity threats and actions” which could be exploited for use in cyberattacks.
“The security developments of other social media platforms will also be kept under constant review,” a statement from the EC explained.
According to EU information, employees must delete TikTok from any private devices they use for work by March 15 at the latest. The app must also be removed from private devices that use EU applications.
The announcement is coupled with a notice that important applications, including the EC’s email program or Skype, would be blocked on company cellphones if TikTok is not immediately removed.
The EC declined to provide a more specific reason for demanding the removal of the app beyond what it called a “careful analysis” of the cybersecurity and data risks TikTok poses.
In a statement, TikTok’s parent company ByteDance called the action “misguided” and “based on fundamental misconceptions.”
“We have contacted the Commission to set the record straight and explain how we protect the data of the 125 million people across the EU who come to TikTok every month,” a company statement obtained by Politico read.
There is some on-the-record justification for the ban: In early November, TikTok acknowledged that certain employees based in China had access to user data from the app’s European users.
To alleviate concerns over user data security, the company recently announced its plans to explore storing the information of European users in three data centers located in Europe.
More Comprehensive Data Security Approach Needed
“We’ve recently seen steps taken by the government in the US, at both the state and federal level, to ban TikTok from state-owned devices, so it’s no surprise to see the EU do so as well,” notes Matt Marsden, Tanium’s vice president of technical account management.
Marsden explains that Chinese intelligence tactics are focused on longer-term objectives and are fueled by the sustained collection of data.
“The immense collection of user data, to now include commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations,” he says.
This data can also be leveraged to deliver targeted, timely, and often personalized psychological operations against individuals or groups of citizens. Thus, a “more comprehensive” approach needs to be taken to protect citizens from social media campaigns designed to further foreign political objectives.
“This [influence effort] has been observed during election cycles and politically charged events in recent years,” Marsden says.
“These national bans are part of a wider issue about how much Chinese influence is deemed acceptable when it comes to national infrastructure and everyday life,” adds Chris Vaughan, associate vice president for Technical Account Management in EMEA for Tanium, via email. “We have seen concerns increase in the West in recent months, with the use of Chinese surveillance technology being restricted and Chinese computer chips being rejected. There have been numerous reports of Chinese efforts to sway politicians by way of lobbying and donations, and the public via social media and the spread of disinformation.”
Banning Apps Doesn’t Solve Data Privacy Issues
The moves follow proposed or already enacted bans on the popular social media app in the United States, where government representatives at the state and federal levels have expressed concerns that the app could harvest sensitive data from devices and make it available to the Chinese government.
In December, Texas and Maryland joined three other states in prohibiting access to TikTok from state-owned devices.
TikTok CEO Shou Zi Chew is also expected to testify in front of Congress in March to address security concerns.
While the debate over social media bans on apps including TikTok continues to percolate, IT security experts have cautioned that in order for bans to be effective, they must be enforced through a comprehensive device visibility and governance strategy.
Banning apps is also not a panacea for more widespread data privacy concerns, others argue, many of which stem from a cultural problem in which consumers willingly hand over vast amounts of information about themselves.