The UK government has called on the National Cyber Security Centre to examine TikTok as a measure that may set a precedent for a complete ban on the app for government devices.
The government has asked the NCSC to look into the popular video sharing app, with security minister Tom Tugendhat speaking to Sky News and saying that he was not ruling out a ban but wanted to wait until the Centre's review had concluded. "Understanding exactly what the challenges that these apps pose, what they are asking for and how they're reaching into our lives is incredibly important," he said.
This development follows a report in the Sunday Times at the weekend, which suggested that a ban is incoming. The newspaper suggested that TikTok is set to be banned from all government devices — after initial security assessments had raised concerns about the safety of sensitive data.
We've reached out to the Cabinet Office for the NCSC review and rumors of a ban pending and will update this report should we hear back. Update: Spokesman had no further comment except for saying: "All departments have robust processes in place to ensure government IT devices are secure, including managing risks from third party applications."
We also reached out to TikTok for comment. The company spokesperson had to say:
While we await specifics about concerns the UK government might have, we shall be disappointed by such a move. Decisions that have been made elsewhere appear to have been based on misguided fears and seemingly are motivated by broader geopolitics, but we remain committed to working with the government on addressing concerns. We have begun our thorough process of further enhancing the protection of our data of users in Europe and include the storage of data of UK users in European data centers, as well as strengthening access controls related to data, including having independent oversight by third parties regarding our approach.
An increasingly dire list of objections: that central user data on the app itself is not handled in an appropriately secure manner; the application might be employed either for Chinese Community Party-style propaganda purposes or in efforts to influence operations carried on under its aegis ; and influence people's perception of current or other events in the West — all these and perhaps other factors have inspired new bans from other governments and various public bodies on this particular Chinese-owned app. A recent spate includes rulings from the European Commission and the federal government in Belgium and, lastly on Friday from the United States. House of Representatives.
Some six months ago, back in mid 2020, the Indian government actually went further — banning TikTok and a swathe of other Chinese made apps, meaning citizens can't even download them for personal use — saying it was taking the step over concerns the software posed a risk to national security and to "the sovereignty and integrity of India", as it put it at the time.
Former U.S. President Donald Trump also gave TikTok headaches later in the year when he signed an executive order that prohibited transactions with ByteDance, the parent company of TikTok, and also tried to ban the app from the U.S.
The Trump TikTok ban was stalled and another attempt by him to make the Chinese company sell the U.S. operations of TikTok to Oracle was also put on the backburner. However while the next U.S. president, Joe Biden undid the Trump administration's actions on TikTok by revoking them, he also signed a new order that requires the Commerce Department to review apps that "have ties to jurisdictions of foreign adversaries" and can pose national security risks for the United States so there is still much U.S. attention on TikTok.
The company has replied with several major data localization infrastructure programs to Western security concerns.
It reported last year that the data of all US users had been transferred to Oracle servers in the US. There have been similar efforts in the EU, that is to say, the data of EU users hasn't 'localised' yet. However, TikTok turned up the volume on regional PR efforts recently by declaring it will layer new processes about access and control to and over locally stored data coupled with a promise to hire an external auditor to reassure concerns that employees outside of the bloc can still have European TikTok user data.
EU data protection authorities are probing into the legality of regional data exports by TikTok, in parallel.
The social media platform is taking more bad publicity in the region today: A report in the Financial Times contains allegations the company mishandled claims of sexual harassment against a senior manager at its London office. Five former employees told the newspaper they had experienced or personally witnessed sexual harassment at the organization in its U.K. and European offices.
A TikTok spokesperson said, in a statement, following the FT's report:
Any form of harassment in our workplace is absolutely abhorrent and will be dealt with with the strongest possible disciplinary action. We are absolutely confident in the rigor of our process for surfacing, investigating, and taking action on any and all complaints of this nature.