New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users’ Data

Cyber Security

Popular short-form video-sharing service TikTok is revising its privacy policy for European users to make it explicitly clear that user data can be accessed by some employees from across the world, including China.

The ByteDance-owned platform, which currently stores European user data in the U.S. and Singapore, said the revision is part of its ongoing data governance efforts to limit employee access to users in the region, minimize data flows outside of it, and store the information locally.

The privacy policy update applies to users located in the U.K., the European Economic Area (EEA), and Switzerland, and goes into effect on December 2, 2022, according to The Guardian.

“Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the U.S. remote access to TikTok European user data,” the company said.

TikTok further said its security controls consist of system access restrictions, encryption, and network security, adding it doesn’t collect precise location information from its users in Europe.

The development also takes place against mounting regulatory scrutiny of the platform on both sides of the Atlantic, which has over one billion monthly active users. ByteDance has repeatedly denied it is controlled by the Chinese government.

In July 2022, it hit the brakes on a controversial privacy policy update in Europe that could have allowed it to serve targeted ads based on users’ activity on the social video platform without their explicit consent.

It has also faced rough weather in the U.S., what with Brendan Carr, a Republican member of the Federal Communications Commission (FCC), calling for a ban of the application over national security concerns that user data could be accessed by Chinese authorities.

Last month, the company contested a report from Forbes that a China-based team at ByteDance planned to use the platform to track the locations of select U.S. citizens without their knowledge or permission.