The European Commission has banned its staff from using TikTok over security concerns

The European Commission has banned its employees from using the Chinese social media app TikTok over security concerns.

The European Union has banned the popular Chinese video-sharing app TikTok from the mobile devices of its employees over security concerns. The app developed by the Chinese firm ByteDance has over 1 billion active users worldwide, it has come under close scrutiny in the US and other countries for its alleged link with the Government of Beijing.

The US already warned of the alleged link between the Chinese company and the Communist Party, accusing TikTok of collecting and sharing data for Chinese intelligence.

A senior official told POLITICO that all staff was ordered on Thursday morning to remove the popular app from their official devices. The staff was also ordered to uninstall the app from their personal devices by March 15 if they were also used for professional business.

An alternative option for the staff is to delete work-related apps from their personal phones if want continues to use TikTok. 

“To protect Commission’s data and increase its cybersecurity, the EC Corporate Management Board has decided to suspend the TikTok application on corporate devices and personal devices enrolled in the Commission mobile device service,” said the email sent to staff on Thursday morning.

“The reason why this decision has been taken is to … increase the commission’s cybersecurity,” commission spokesperson Sonya Gospodinova said at a press briefing in Brussels. “Also, the measure aims to protect the commission against cybersecurity threats and actions which may be exploited for cyberattacks against the corporate environment of the commission.”

A similar move was adopted by the US Government that is banning the use of TikTok on all government devices by the end of February 2023 due to national security concerns related to TikTok’s ties to China

TikTok has yet to comment on the decision.

In January 2020, the US Army banned the use of the popular TikTok app on mobile phones used by its personnel for security reasons.

In November, the short-form video-sharing service updated its privacy policy for European Economic Area (“EEA”), the UK, and Switzerland and confirmed that its users’ data can be accessed by its personnel, including Chinese employees.

European user data could be also accessed by TikTok staff in Brazil, Canada and Israel as well as the US and Singapore, where user data is currently stored.

In December, TikTok parent company ByteDance revealed that several employees accessed the TikTok data of two journalists to investigate leaks of company information to the media. 

According to an email from ByteDance’s general counsel Erich Andersen which was seen by the AFP news agency, the Chinese company was attempting to discover who shared company information with a Financial Times reporter and a former BuzzFeed journalist.

The company fired an undisclosed number of employees who were involved in the data leak because they violated the company’s Code of Conduct, but it did not reveal their names.

In an attempt to discover the location of the unfaithful employees, the Chinese personnel analyzed their IP addresses, but this method was approximate.

While Western governments are banning the app from government devices, the company announced that it plans to open two more European data centers to allay data privacy and security concerns.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, EU Commission)