National intelligence law makes data unsafe
There’s a widespread international concern that the Chinese state can, and is, monitoring data on TikTok. The social media app is owned by Beijing-based ByteDance, and there’s a fear Chinese officials could demand access under the National Intelligence Law 2017 – a law that states all organisations must “support, assist and cooperate” with any matter of national intelligence.
TikTok denies it’s ever been asked to comply with this law, and maintains it will deny access to data even if it does.
‘State actors’ could manipulate the system
But the experts monitoring the situation have started to pull back the curtain on the app’s far reaching power. For example, a report from Australian-US cybersecurity firm Internet 2.0 claims TikTok can access a user’s calendar, apps, wifi networks and even sim serial numbers.
TikTok’s “For You” page is also a big sticking point for organisations. The page uses a complex algorithm to tailor content to its users and there’s very little clarity on how it all works.
Machine learning has reached such a complex level that even TikTok has trouble breaking it down. And that lack of transparency is understandably making authorities nervous.
Parliament and now North Yorkshire Council were both concerned a state actor could tamper with the algorithm and corrupt government employees.
TikTok bans happen right across the West
It’s not just the UK taking these measures – the US, Canada and European Commission have all introduced similar bans.
For now, the ban applies to government-issued devices. North Yorkshire Council members and officials can still use the app for personal use.
In May this year, however, Montana went a step further. They became the first US state to ban the use of the app on personal devices. And the law will come into effect next January.
TikTok believes measures are excessive
Spokespeople for the app claim the bans are an overreaction. They say data is currently stored outside China in the US and Singapore, and are also willing to propose an extra layer of security by storing US and EU data with third party servers in the US, Ireland and Norway.
In another case, TikTok admitted employees were spying on reporters. And The Guardian revealed their moderation guidelines helped promote Beijing’s foreign policy back in 2019.
It raises suspicion that these examples are merely the tip of the iceberg, and it’s prompting organisations and states to take immediate action.
North Yorkshire only council so far to take action
For now, the ban from Parliament doesn’t extend to local authorities, and both the Cabinet and LGA are leaving it up to individual organisations to decide.
Assistant director technology for North Yorkshire Council, Madeline Hoskin, said: ‘We have made this decision because both the TikTok app and the website collect a lot of personal and very detailed information that is stored outside of the UK, and though currently this data is predominantly used for targeted advertising, the volume and depth of the data being captured and stored poses a potential risk we do not believe is acceptable.’
North Yorkshire put the ban in place back in March, but they remain the only standalone council to introduce the policy. Will others eventually pull the plug too? Only time will tell.
This article and related document links do not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Risk Management Partners cannot be held liable for any errors, omissions or inaccuracies contained within the article and related document links.
Readers should not act upon (or refrain from acting upon) information in this article and related document links without first taking further specialist or professional advice.
Risk Management Partners Limited is authorised and regulated by the Financial Conduct Authority. Registered office: The Walbrook Building, 25 Walbrook, London EC4N 8AW. Registered in England and Wales. Company no. 2989025