The European Commission's TikTok Ban: What to Know
The European Commission has banned TikTok from use on staff devices. Here's what to know—and how it fits in with policies and debates on TikTok elsewhere.
The European Commission has banned TikTok from use on staff devices. Here’s what to know — and how it compares to other policies and debates on TikTok. Brought to you by Global Cyber Strategies, a Washington, DC-based research and advisory firm.
The One-Liner
The European Commission’s action against TikTok is targeted, prohibiting usage of the app on staff devices and some others, and it indicates that Europe may become a more significant zone of debate over TikTok’s future and broader policies on Chinese technology companies, products, and services.
Breaking Down the Development
This is the first time the European Commission has banned staff use of an app.
The European Commission banned staff from using TikTok on work devices and on any personal devices that have work-related apps installed, per a spokesperson.
The Commission has around 32,000 permanent and contract employees.
The email to staff required officials to uninstall TikTok from the applicable devices prior to March 15, and “at their earliest convenience.”
The Commission’s email, per Politico Europe, read in part:
“To protect Commission’s data and increase its cybersecurity, the EC Corporate Management Board has decided to suspend the TikTok application on corporate devices and personal devices enrolled in the Commission mobile device service.”
Sonya Gospodinova, EU spokesperson, said:
“The measure aims to protect the Commission against cybersecurity threats and actions which may be exploited for cyberattacks against the corporate environment of the Commission.”
What Does This Mean?
A few members of European Parliament have spoken about concerns related to TikTok before — for instance, German member Moritz Körner stated in January that “the EU’s inactivity towards TikTok has been naive” and that “the data dragon TikTok must be placed under the surveillance of the European authorities.”
But for the most part, TikTok has not received the same scrutiny from executive authorities and elected officials in the EU as it has in the US. This targeted ban, focused on European Commission staff and their devices, is a major development in a bloc that has previously been relatively quiet about TikTok.
Based on TikTok and media reports, TikTok has gone in Europe from approximately 12 million active monthly users in 2019 to approximately 100 million active monthly users in 2020 to approximately 125 million active monthly users in 2022. For 2021, the number ostensibly falls somewhere between 100 million and 125 million. The European Commission’s action against TikTok only impacts its 32,000 or so staff members, but it raises interesting questions about whether there is new momentum for additional action against TikTok in Europe — a strong market for the company.
Among other things:
The European Commission’s explanation could be phrased better. In particular, the use of the word “cyberattacks” to describe the concerns about TikTok suggests there is concern about the Chinese government launching cyber operations against devices via TikTok, or something of the sort — when most of the other explanations (and, reportedly, internal emails) describe concerns about the app’s data collection. My interpretation is that the European Commission’s concerns relate to TikTok’s data collection and the risk that the Chinese government is able to access data on Commission staff through the app, and that it simply phrased this perspective poorly when using the term “cyberattacks.”
The Commission is not publicly specifying the information that led it to this conclusion. TikTok says it was not contacted by the Commission about the decision. While the Commission’s ban here is targeted, focused on Commission staff devices, the apparent process behind the decision raises similar questions about the US’ actions in this arena: what information drove this decision, what criteria went into the review process, and what are the oversight and transparency mechanisms, if any, that did or should apply to this kind of decision?
Looking ahead, one of the biggest, open questions is whether this action will compel individual European governments or even the European Union to focus more attention on TikTok and propose actions or policies around its market presence in Europe writ large. Without attempting to draw a complete parallel (which there is not), it is still worth noting that the widespread debates about TikTok in Washington, DC largely began in a similar fashion — where individuals focused on cybersecurity and national security took a more concerted look and oriented their discussion towards bans on TikTok on government devices, before the conversation became more mainstream and broader in scope vis-a-vis banning TikTok in the US completely (a debate that is still ongoing).
Subscribe for more public insights, and reach out on Global Cyber Strategies’ website for a range of custom-tailored research and advisory services.
—
© 2023 Global Cyber Strategies LLC.