EARLY AUGUST, THE US PRESIDENT REQUIRED THAT ALL AMERICAN ACTIVITIES OF THE CHINESE SOCIAL NETWORK BE TRANSFERRED TO AN AMERICAN COMPANY WITHIN 45 DAYS, OTHERWISE THE APPLICATION WOULD BE blocked. LET’S TAKE A FEW MINUTES TO ANALYZE THE BACKGROUND OF THIS CASE, WHICH HAS TO DO WITH DATA SECURITY AND ECONOMIC SOVEREIGNTY.
Created in 2016, TikTok is a mobile social networks application that allows users to publish short music videos. Developed by the Chinese company ByteDance as the counterpart of the Douyin application for the non-Chinese market, it has proven to be extremely popular, particularly among 16-24 year olds, who broadcast choreographies, humoristic scenes or share their daily life. The confinement in many countries has fostered its development and Tiktok is now considered to be the application with the highest growth in 2020 for all countries combined. It is the second most downloaded application in the world and has nearly one billion monthly users.
Although TikTok’s international operations are managed in the United States, in Los Angeles, the application remains under the management of its Chinese parent company Bytedance.
Accusing the platform of engaging in espionage-like activities on behalf of the Chinese government and fearing that the social network could influence the November 3 presidential elections, the U.S. president signed an executive order on August 6, 2020, to ban any transaction between a U.S. citizen or company and TikTok within 45 days. Practically speaking: urge Google and Apple to stop making the application available. The aim: forcing the sale of the company’s American activities into American hands before 20 September 2020.
TikTok’s slogan “Make every second count” seems particularly appropriate to the situation!
TikTok has filed a lawsuit in a federal court, but the ultimatum has nevertheless been successful: on Saturday 19 September, President Donald Trump gave the go-ahead for a takeover project involving the American companies Oracle and Walmart, on condition that they take full control of the new group. This project is supposed to solve the security problems raised by the American administration. The Oracle IT group would thus be responsible for hosting all US user data and the security of IT systems
Issues: Data protection for US citizens or economic war?
In several cases, TikTok has been accused of data security breaches. In February 2019, TikTok was fined $5.7 million in the United States by the Federal Trade Commission (FTC) for illegally collecting and making public the data of children under the age of 13.
By the end of November 2019, another class-action lawsuit had been filed before the California federal court. TikTok and ByteDance were accused of seizing draft videos and amounts of personally identifiable data without users’ consent. The information would then be transmitted directly to China.
The whole issue involved in the sale of TikTok would be to separate the American activities, and to avoid the transfer of data to China, a country where legislation is still under construction and does not sufficiently guarantee the protection of personal data.
Serious doubts remain, however, as to the technical possibilities of making the two systems tightly watertight, since, for the time being, ByteDance would retain control over its data collection algorithm.
Beyond data protection, the geopolitical aspect of this affair is particularly significant, serving as a foil for President Donald Trump to show his power in the economic war raging between the two countries, a few months before the US presidential election.
China is not standing still in this tug-of-war. In August 2020, the Chinese government updated its Export Control rules to cover a variety of technologies deemed sensitive. The Chinese Ministry of Commerce included algorithms in the list of technologies that theoretically cannot be exported. These rules could allow the Chinese state to oppose the sale or at least impose a much less ambitious deal than President Donald Trump had hoped for.
What is the situation in Europe?
Following a formal complaint, the French Commission Nationale de l’Informatique et des Libertés (CNIL) announced last August that it had opened an investigation into the practices of the application in relation to personal data collection and compliance with the provisions of the RGPD, on issues involving the information provided to individuals, the way in which their rights are exercised, flows outside the European Union, and measures taken with regard to minors.
While TikTok has announced the forthcoming opening in Ireland of its first data centre for European users, the European Data Protection Committee (EDPS) created in June 2020 a working group to analyse TikTok’s practices across the European Union and coordinate potential actions. The Committee will investigate data collection and security and privacy risks.
The United States and Europe have different approaches to the Tiktok issue, illustrating radically different approaches to data sovereignty: the one with an economic view and the other with a protective perspective.
More than ever, data is the oil of the 21st century and a new source of conflict between countries.