When Grant Shapps assumed the role of the UK’s defence minister earlier this month, he faced immediate scrutiny regarding his use of social media. Shapps, who had previously served as the energy minister, had been an active user of TikTok within the British government. This prompted military experts and the media to inquire whether he still had the app installed on his phone, even though it had already been banned from official devices in Parliament. The United Kingdom is not the only nation concerned about TikTok’s security implications.
Throughout this year, several countries have taken steps to prohibit TikTok from being used on devices belonging to government personnel and elected officials. They cite “national security risks” without providing specific details. In March, the European Commission, European Union, and European Parliament collectively imposed a ban on the use of TikTok on officials’ devices. Later, the European Parliament urged member states to implement similar measures.
The primary reason for such caution across Europe stems from TikTok’s association with ByteDance, a company registered in the Cayman Islands but managed from Beijing, China. This connection to China and concerns—despite TikTok’s denials—that the company might be compelled to share data with the Chinese Communist Party government has fueled anxieties about TikTok’s security.
Skepticism and Political Concerns Surrounding TikTok’s Project Clover
In an effort to alleviate concerns among European governments, TikTok has announced a substantial investment of €1.2 billion ($1.3 billion) to construct three new data centres. These data centres, located in Ireland and Denmark, are expected to be operational by the end of 2024. The primary objective is to ensure that user data within the EU will not leave the jurisdiction. This initiative, known as Project Clover, aims to demonstrate TikTok’s compliance with EU data transfer regulations and its commitment to safeguarding sensitive user information from being transmitted to China.
As part of Project Clover, TikTok is also establishing a European “transparency centre” that will be accessible to regulators. This centre will provide insights into the platform’s inner workings, enhancing transparency and accountability. Additionally, TikTok has enlisted the services of an external consultant, the UK-based NCC Group, to assess its cybersecurity measures independently.
Theo Bertram, TikTok’s Vice President of Public Policy in Europe, expressed confidence in the project, stating, “We believe that this is genuinely industry-leading. No one else has done something like this.”
However, scepticism regarding Chinese technology remains prevalent in certain EU regions and in the UK. Senior intelligence officials have raised concerns about Beijing’s increasing influence in the realm of cyberspace.
Sam Sharps, Executive Director of Policy at the Tony Blair Institute for Global Change, commented on the situation, saying, “I don’t really know how this plays out. And whether the reassurances they give—even if today, they meet the best standards of investigations of data protection authorities around Europe—are at a political level going to be enough.”
Popularity and User Engagement of TikTok in Europe
TikTok boasts approximately 150 million users in Europe, a significant portion of whom are dedicated users spending around 90 minutes or more on the platform daily. The platform’s popularity is characterized by a younger and highly engaged user base, setting it apart from competitors in the social media landscape.
The persistent threat of a ban hovers over TikTok, primarily due to its longstanding ties to China. Despite being a separate entity from the Chinese app Douyin, TikTok shares certain features and has a parent company, ByteDance, with connections to China. While TikTok has made substantial efforts to localize its app by expanding its staff in operating countries, ByteDance’s management remains rooted in China. Although the company asserts that no identifiable user data is transmitted to its headquarters in Beijing, concerns exist among Chinese sceptics who believe that China’s telecoms and national security laws might require them to access user data if requested. TikTok denies having received such requests and states that it would not comply if it did.
Moritz Körner, a German member of the European Parliament, expresses concerns about TikTok, citing risks for European users, including potential data access by Chinese authorities, censorship, and the tracking of journalists.
In the United States, there is bipartisan agreement that China represents the country’s greatest threat, leading to calls for an outright ban on TikTok and other Chinese-owned technology platforms. In response, TikTok initiated Project Texas, similar to Project Clover, aiming to relocate data, establish a transparency centre, and appoint Oracle as an independent auditor overseeing its data practices. This project has sparked disputes, including with the Chinese government, over who should scrutinize TikTok’s algorithm, which sets it apart from competitors.
European Concerns and Policy Implications
The U.S. government has suggested the possibility of forcing TikTok to separate from its Chinese parent, but the Chinese government opposes such a move.
Körner acknowledges that Project Clover is a step in the right direction but doubts its ability to prevent European data, if requested by Chinese authorities, from ultimately being transferred to China. He points out that TikTok, like U.S. tech giants, faces conflicting legal requirements, needing to adhere to Chinese law while also complying with EU law.
While some countries have taken a more lenient approach towards TikTok, various EU institutions, including the European Commission, European Parliament, and EU Council, have banned TikTok from official devices used by parliamentarians and their staff. Several EU member countries, including Belgium and Denmark, have implemented similar bans. Although not an EU member, Norway prohibits government officials and parliamentarians from having TikTok on their devices as a member of the European Economic Area.
TikTok’s efforts to safeguard European data will remain insufficient until it can win over sceptics. Körner insists that until a legally binding data protection agreement between China and the EU or an EU-China no-spying agreement is established, European authorities must maintain constant oversight of TikTok, considering mobile phones as critical infrastructure. Given ongoing cybersecurity concerns, Körner suggests banning TikTok from the devices of European political and economic decision-makers.
Furthermore, European policymakers have additional concerns beyond China. Although TikTok plans to migrate all European user data to European data centres through Project Clover, it is currently held in a “European enclave” in the United States as an interim measure. While this is permitted under rules governing European-to-US data transfers, the reliance on sending European user data to the U.S. may raise concerns among sceptical policymakers.
