TikTok became the most popular app in 2019 and 2020 and was the most downloaded app in 2021, reaching 1 billion active users. The app is available in 154 countries and the average user opens TikTok nineteen times a day. TikTok has skyrocketed in popularity and has significant influence in pop culture today. Its most followed account, Khaby Lame, has 155 million followers and has earned millions of dollars from his growing popularity on the app, he has even entered a partnership with Hugo Boss valued at $450,000. Khaby Lame went from being laid-off as a machine operator during the pandemic to a global sensation thanks to TikTok.
It is difficult to argue against the power and influence of TikTok, but it is exactly that influence that has landed the app, and its parent company, Byte Dance, in hot water. What initially seemed to be an innocent and fun video sharing app, used by teenagers and millennials, quickly went under scrutiny when its parent company’s ties to China was made known. It was not long after that concern over what data is being shared with the Chinese government took hold. The worry is that sensitive data that is captured by TikTok is accessible by the Chinese government with a simple request due to their national intelligence laws. There are also concerns that China could use TikTok’s content recommendations, for instance, its ‘for-you’ page for misinformation.
TikTok has denied these allegations and has made various attempts to show its distance from its Chinese parent company and take measures to show improvement in protecting users’ data. In Europe, TikTok will open two data centres in Dublin and another in Norway (Project Clover) to store videos, messages and personal information generated by the millions of users in Europe. In June 2022, TikTok said it had migrated US users’ information to servers run by American software giant Oracle in Austin, Texas. But these assurances have not been enough to appease other countries’ concerns and questions. It would still be possible for the Chinese government to enact legislation that would give them the power to order ByteDance to hand over customer data held in overseas data centres. This exact scenario already occurred in New York as the New York District Court ordered Microsoft to hand over data which contributed to the enactment of the CLOUD Act. Without doubt, the Chinese government would have similar powers. Last November, it was revealed that the personal data of TikTok’s European users could be handled by employees in China, Brazil, Canada, Israel, Japan, Malaysia, the Philippines, Singapore, South Korea and the US. Although TikTok gave assurances that these employees who access European data are subject to robust security controls that are approved and recognised under the GDPR, this revelation was still cause for concern for many countries and critics of TikTok alike. Forbes also revealed that the app was being used to spy on journalists’ physical locations by improperly gaining access to their IP addresses.
TikTok now faces major obstacles in Canada, the EU, the UK and the US where it has been banned from all government issued devices. It is not only the loss of users that will hurt TikTok but the message these bans send to the public. Each government institution is making a bold statement that, ultimately, TikTok cannot be trusted to protect user’s data and is a cybersecurity threat.
The EU IT service emailed all Commission employees to uninstall TikTok to protect the Commission’s data and increase its cybersecurity. TikTok was suspended on corporate devices and personal devices enrolled in the Commission mobile device services and employees were given a deadline of March 15. If users do not abide by the deadline, certain corporate apps such as the Commission email and Skype for Business will no longer be available to them. The EU Council and the European Parliament have since followed suit with bans of their own. The EU Council has instructed their staff to uninstall TikTok from their personal phones if their phones have access to EU Council services. The European Parliament ban starts March 20th and applies to corporate devices, mobile phones and tablets that are enrolled in Parliament’s mobile management application.
TikTok has responded to the EU bans stating that these actions and suspensions are misguided and based on fundamental misconceptions. One of TikTok’s criticisms of the ban is that the company had not been contacted directly by the Commission before the announcement of the ban. TikTok has nonetheless reached out to the Commission to explain how they actually protect the data of millions of EU citizens who use TikTok. TikTok responded to the European Parliament ban by stating that this “is a self-defeating step, especially in our shared fight against misinformation and when this action is being taken on the basis of fears rather than facts.”
Days after the European Commission announced their ban, Canada also banned TikTok on all government-issued devices. This ban follows a review by Canada’s chief information officer who stated that the app “presents an unacceptable level of risk to privacy and security.” The ban mandates that the government issued devices must not use TikTok and that employees will also be blocked from downloading the app in the future. The ban comes at an interesting time as Prime Minister Justin Trudeau has been pressured into investigating whether Beijing has interfered with Canadian elections. The timing of the ban and investigation may be purely coincidental or may be a culmination of furtive political drama.
TikTok again responded that they had no prior notice nor discussion about any concerns before this decision was made. The company believes that they have been singled out and these decisions infringes on the shared goal of protecting the privacy and security of Canadians. They emphasised that this decision only prevents officials from reaching the public on a platform that millions of Canadians use.
It is common knowledge that the US government has taken issue with TikTok, citing national security concerns. In December 2022, US federal employees were banned from using TikTok on federal government devices. The ban was passed by Congress and was included in the No TikTok on Government Devices Act, included in the government funding package. The US government said that this ban was necessary due to national security concerns. The US fears that the Chinese government can utilise TikTok to access federal devices and therefore access US users’ data. More recently, the White House has continued the crusade against TikTok by giving government agencies thirty days to scrub the app from their systems and all government devices.
TikTok countered, again emphasising the No TikTok on Government Devices Act was passed without consultation with the company and has served as a blueprint for other governments. Clearly, TikTok was correct as the EU and Canada, among other countries, have followed in the footsteps of the US. A TikTok spokesperson stated, “these bans are little more than political theatre.” The spokesperson continued to hope that when addressing national security concerns about TikTok that the government will consider options that will not effectively censor Americans.
China has also commented through its Foreign Ministry, accusing Washington of generalising the concept of national security and suppressing the enterprises of other countries.
In light of the bans from Congress, the US House Foreign Affairs Committee voted to advance a bill that grants the President authority to ban TikTok. This bill would invalidate current protections for creative content from US sanctions. The bill mandates that the President can impose sanctions on companies based in or controlled by China that transfer sensitive personal data of Americans to entities or individuals based in, or controlled by, China. Clearly, the US is leading a charge against TikTok and its parent company, ByteDance, but it remains to be seen to what extent the American government will oust TikTok and which countries will follow suit.
In the wake of the recent bans in the EU, Canada and the US, the British government has faced new criticism over its stance on TikTok. Some British government institutions have stopped using the app, but many individual politicians are active users. On Thursday 16th March, following a review by Britain’s National Cyber Security Centre, the government announced that TikTok is banned on government devices issued to government ministers and civil servants. The ban takes immediate effect but will not extend to ministers’ or civil servants’ personal phones. After the EU and Canada announcements, the UK government did not issue a ban relying on the robust processes already in place on government devices. Now, the UK has fallen in line and banned the app, but the delay to action shows that the UK is behind the curve. Some government institutions such as the Ministry of Defence and Downing Street still have TikTok accounts citing their robust processes to ensure their devices are secure and continue to use the app. There has been no response from TikTok yet, but it previously stated that it would be disappointed by the very move the UK government announced. It can be assumed TikTok’s response will be extremely similar to the responses given to the US, Canada and the EU.
The recent bans on TikTok in the EU, the US, the UK and Canada have reignited the debate on the safety and privacy concerns surrounding the social media app. TikTok has taken a few measures to address these concerns such as opening more data centres in Europe, opening transparency centres and stronger security measures but it has not been enough to appease world governments.
The EU, the US, the UK and Canada have most recently banned the app from government devices but, especially in the case of the US, this may not be the last step. Some believe that these bans are too harsh and cruel and negatively impact content creators and users while governments continue to cite national security concerns and the necessity for these steps to protect users’ data and the relevant institutions’ data.
TikTok maintains that these bans are misguided and are based on misconceptions but, as previously discussed, there has been cause for concern regarding TikTok’s access to personal data. With the implementation of these bans the EU, the US, the UK and Canada have taken a strong position on TikTok; and in doing so they are making a broader and necessary statement that data privacy and security concerns are of the utmost importance in this growing digital age.
 United States v. Microsoft Corp., 138 S. Ct. 1186, (2018)