• Home
  • News
  • TikTok’s new privacy policy confirms that Chinese staff can access European users’ data

TikTok’s new privacy policy confirms that Chinese staff can access European users’ data

Partager sur facebook
Partager sur twitter
Partager sur linkedin
Partager sur email

TikTok is reminding its European users that their data can be accessed by employees outside the mainland, including in China, amid political and regulatory concerns about Chinese access to the platform’s user information.

Indeed, the social platform is revising its privacy policy for European users to explicitly state that users’ data can be accessed by certain employees around the world, including from China.

Currently storing European users’ data in the U.S. and Singapore, the platform said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows out of the region and store information locally.

Other countries where TikTok staff could access European users’ data include Brazil, Canada and Israel, as well as the United States and Singapore.

Elaine Fox, TikTok’s head of privacy in Europe, stated, « Based on a demonstrated need to do their jobs, subject to a series of robust security controls and approval protocols, and through methods recognized by the GDPR, we are allowing certain employees of our group of companies located in Brazil, Canada, China, Israel, Japan, Malaysia, the Philippines, Singapore, South Korea, and the United States to remotely access TikTok’s European user data. « 

The data could be used to conduct checks on certain aspects of the platform, including the performance of its algorithms, which recommend content to users. 

In a letter to Republican senators revealed in July, TikTok CEO Shou Zi Chew said a « limited set of non-sensitive data » about U.S. users could be accessed by foreign employees, subject to approval by a U.S.-based TikTok security team. He added that none of this data was shared with Chinese government officials.

U.S. President Joe Biden rescinded his predecessor Donald Trump’s executive orders requiring the sale of TikTok’s U.S. operations, but he asked the U.S. Commerce Department to make recommendations to protect the data of people living in the United States from « foreign adversaries. » The U.S. Foreign Investment Commission, which reviews business transactions with non-U.S. companies, is also conducting a security review of TikTok.

Ireland’s data watchdog, which has jurisdiction over TikTok throughout the European Union, has also launched an investigation into TikTok’s transfers of personal data to China.

Michael Veale, associate professor of digital rights at University College London, said that under a recent EU decision, data transfers between the EU and China should be subject to security checks. 

According to Veale, Chinese data laws could raise questions about the security of even limited data transfers. However, he adds, « I’m not convinced that the Chinese government is currently focused on spying on individuals’ TikTok data. They have other ways to obtain private information. Growing and deepening an influential platform is in itself a powerful goal. »

Évaluez votre niveau
de conformité

En quelques clics,
lancez sans engagement
et en toute conformité un
audit flash !

Pour recevoir votre audit flash gratuit et sans engagement, merci de bien vouloir remplir ce formulaire :