What should have been a significant investment announcement for TikTok in Ireland last week was shrouded in unanswered questions.
The Chinese-owned tech giant – fast becoming the favorite social network among kids – has given the green light to its €600 million data center project (at Echelon’s data center campus). It comes amid the huge scaling of TikTok to more than 3,000 people here in the years to come.
But TikTok won’t say how much, if any, of that data is going from here to China. This could be a big deal.
In Europe, China is considered a fundamentally unsafe place to send data. The consensus is that the authoritarian government there has near-unrestricted access to everything, despite a recent privacy law aimed at better protecting Chinese citizens from corporations.
We know that this is the prevailing European view, due to the pronouncements of the highly influential European Data Protection Board (EDPB) on the subject. In a recent report, she criticized the Chinese government’s “broad and unrestricted access to personal data” and pointed out that the legitimacy – or “appropriateness” – of data transfers there was very questionable.
In English, that means the Irish Data Protection Commissioner (DPC), as well as other authorities across Europe, may soon have to stop individual companies from sending data there.
That’s what some high-ranking data protection experts here say in private.
“Probably never,” one said when I asked for comment on whether China would receive an “adequacy” status, which is required for full data
Transfers there from the EU.
We’ll likely see this tested sooner rather than later. The DPC recently launched two major investigations into TikTok. The first concerns whether TikTok is a law-abiding custodian of children’s data. But the second investigation directly concerns “transfers of personal data by TikTok to China.”
TikTok is a little evasive about all of this. She tries to brush the question aside or generalize about her data policy, citing compliance with EU regulations as the answer.
“We have never been asked to provide TikTok user data to the Chinese government, nor have we provided any data to it,” a spokesman told me last week.
“This is also reflected in our semi-annual transparency reports, in which we provide details of all government requests we receive for user data.”
The transparency reports do not include figures for China as TikTok is not available in China. But the parent company ByteDance is headquartered in China.
And on the outside, there seems to be at least some exchange between Dublin – which has almost 2,000 employees and should soon grow to over 3,000 – and Beijing. It would be strange if this were not the case.
A casual glance at TikTok Dublin’s job vacancies suggests so, as it is currently promoting Chinese-Mandarin translators in Dublin to “facilitate effective communication across functions and regions” and “translate a wide range of documents”. in the areas of technology, management and strategy. A further perusal of the fine print reveals that the company shares Irish users’ information within its “group of companies” for activities such as cloud hosting, security, content moderation, and research and development.
“Some transfers of data remain necessary to support this global community and to make their experience on TikTok enjoyable and secure,” the company’s Dublin-based European Data Protection Officer, Elaine Fox, said in a blog post.
“In this context, it’s important to reflect on the importance of interoperability and preserving what is now a global entertainment platform that brings joy to people around the world and allows our creators to benefit from bringing audiences across the world.” Reach more than 150 markets where TikTok is available.
“We believe it is important to take action to avoid creating digital islands that would reduce opportunities for European creators.”
In 2022, that sounds perfectly reasonable. But what if transferring user data to China violates European rules?
This is a problem that all big companies face. But few have the complications of TikTok. Despite their size and scope, Google and Meta have minimal corporate presence in China and don’t face many awkward questions about user data there.
But TikTok is ultimately responding to a Chinese-led corporate structure that may (or may not) be under pressure to comply with Chinese infrastructure conditions, which the EDPB says give it “unlimited” access to corporate data.
It’s not like there’s a slam dunk case against TikTok here, or that we should all be panicking about a data center owned by a Chinese company in Dublin. In fact, slapping your chair and chest over China can sometimes be a little too easy.
But there may well be a transparency issue with TikTok’s user data and who is reviewing it. There’s a lot we don’t know about the company and how it’s run.
Given that it’s by far the fastest growing major social network in the world and used by half of the pre-teens here, that can’t really be sustained.
The DPC’s investigation into this should raise some interesting answers.
https://www.independent.ie/business/technology/tiktoks-unanswered-questions-over-transfer-of-user-data-to-china-shrouds-600m-investment-41535866.html TikTok’s unanswered questions about transferring user data to China obscure a €600 million investment