TikTok informs its European users that their data can be accessed by employees outside Europe, including China, amid political and regulatory concerns about Chinese access to platform user information.
Other countries where TikTok staff could access European user data include Brazil, Canada, Israel, Japan, Malaysia, Philippines, South Korea, and the U.S. and Singapore, where European user data is currently stored.
Elaine Fox, TikTok’s head of privacy in Europe, said that they allowed certain employees within their corporate group in several countries remote access to TikTok European user data. The countries include China, the U.S., Canada, Brazil, Israel, Japan, Malaysia, the Philippines, Singapore, and Korea. It was based on a demonstrated need to do their job, subjected to robust security controls and approval protocols, and by methods recognized under the GDPR (the E.U. ‘s general data protection regulation).
TikTok used data to audit aspects of the platform, including the performance of its algorithms, which recommend content to users and detect vexatious automated accounts.
In June, citing leaked audio from TikTok in-house meetings, BuzzFeed News reported that ByteDance employees in China had repeatedly accessed private information about U.S. TikTok users.
In July, TikTok admitted that it has engineering teams worldwide, including in Mountain View, London, Dublin, Singapore, and China. Those teams may need access to U.S. data for engineering functions specific to their roles.
In a disclosed letter on June 30 to nine American senators, Shou Zi Chew, TikTok’s CEO, said foreign employees could view a “narrow set of non-sensitive” U.S. user data if approved by the US-based TikTok security team. He also stated that no data was shared with Chinese government officials.