EU Orders Staff to Remove TikTok From Phones, Devices
Decision Affecting 32,000 Employees Aimed at 'Cyber Threats and Incidents'
The European Commission and Council of the European Union have directed employees to remove the ByteDance-owned, short-form video app TikTok from their phones and corporate devices, citing security concerns.
The decision follows similar bans in the U.S. and other countries, driven by fears of Chinese hacking and influence. The commission says it is protecting its 32,000 employees from "increasing cyber threats and incidents."
"It is, therefore, our duty to respond as early as possible to potential cyber alerts," the commission wrote in an email to employees, obtained by Politico. Security developments of other social media platforms also will be kept under constant review, the commission says, adding that the suspension is an "internal corporate decision which is strictly limited to the use of devices enrolled in its mobile service." Staff must uninstall the app before March 15.
The Chinese-owned social media app has been at the center of controversy worldwide, including in the United States, where the app's ownership by Chinese company ByteDance led to concerns that the app poses a national security threat.
The federal government and approximately 20 U.S. states have banned the use of TikTok on government devices. FBI Director Christopher Wray told a congressional panel in November 2022 that the bureau has numerous concerns about TikTok.
"They include the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so choose, or to control software on millions of devices, which gives it an opportunity to potentially technically compromise personal devices," Wray said.
"The measure is in line with the commission's strict internal cybersecurity policies for use of mobile devices for work-related communications," according to the statement. "It complements long-standing commission advice to staff to apply best practices when using social media platforms and keep a high level of cyber awareness in their daily work."
The European Commission and TikTok representatives were not immediately available to provide additional details.
Recent Fine for Privacy Violations
In January, the French data protection agency imposed a fine of 5 million euros on TikTok, saying the Chinese company violated a national privacy law that restricts the monitoring of web browser activity.
An investigation by the National Commission on Informatics and Liberty - known as CNIL - found TikTok's web application directed users into enabling tracking cookies (see: French CNIL Fines TikTok 5 Million Euros for Cookie Policies).
An inspection of the web platform in mid-2021 showed TikTok allowed French users to accept all cookies with a single click but made them click several times when rejecting additional cookies.
European governments sought to allow consumers to reject cookies that track user activity solely for the purposes of online advertising. TikTok, which averages about 1 billion users per month globally, has emerged as the internet's new advertising juggernaut through tracking cookies on its own website and third-party websites.
In February 2022, TikTok introduced a "reject all" button, giving its users the choice to either completely reject or accept TikTok cookies.