Picture of a TikTok app icon on a mobile phone situated on a black background. 2020. ©Solen Feyissa
In 2014, European courts ruled against Google Spain in a case where a man wanted his outdated information removed from the search engine. In 2018, an investigation was undertaken by the Irish privacy commission on Meta – Facebook’s parent company – and resulted in a 390 million euros fine (Satariano 2023). And in 2023, the same agency has launched two investigations on TikTok: one regarding child safety and the other on data transfer to China (Vinocur, Goujard, Herrero & Westendarp 2023). With the entry into force of the Digital Service Act (DSA), if TikTok is found guilty, its fine could be set higher than Meta’s. This scenario resulted in the meeting between European lawmakers and TikTok CEO Shou Zi Chew on January 10, 2023, where the app’s adaptation to DSA was the main focus (Vinocur, Goujard, Herrero & Westendarp 2023). The implementation of the DSA together with the investigation’s shift from US companies to Chinese ones proves to be an interesting field of research.
Thus, the present article aims to discuss if TikTok is the latest punching bag of EU’s privacy regulation or if it stems from the current EU-China political relations. To tackle it, first, the DSA will be explained. Then, a comparison will be made between TikTok’s privacy standards and US-platforms. And lastly, this discussion will be placed within the broader context of the EU-China geopolitical tensions.
Before tackling it, it is key to understand the evolution of TikTok into the international market. Originally, Bytedance launched a video sharing app called Douying aimed at the Chinese market. App developers operating in China are expected to moderate content as they can be fined or have their business licences revoked (Meyer 2022). However, as the app wanted to increase its number of users – while maintaining their presence in the mainland – they created a different version, TikTok, for the international markets. While the concepts and source code are similar, the apps are entirely separate. That is, they do not share information with one another. TikTok has tried to ensure its independence from the Chinese government, going as far as to appoint an American spokesperson (The Guardian 2022).
Nevertheless, the Chinese model, based on the promotion of their own tech giants (e.g. Alibaba), has raised concerns in Europe. The public-private partnership that is necessary to succeed in the tightly controlled environment of the Chinese market is not operative in international bodies – even with Beijing’s push for governmental micromanagement of the Internet during its holding of the International Telecommunication Union chair (O'hara & Hall 2018). While China and the US have large centralised markets that fuel their algorithms, Europe is a more fragmented market, especially with the General Data Protection Regulation (GDPR) stern legislation on data sharing (O'hara & Hall 2018). The political hostility together with the EU's normative power has placed TikTok at a crossroad in legal, regulatory and security terms within the bloc.
The DSA: an ambitious proposal and a challenge for TikTok
Nowadays, one can only participate in the creation of public discourse through a private contractual relationship. The contribution of said contract can be monetary, but in most cases is in the form of commercially usable data (Bendiek 2022). As the EU aims to uphold a democratic public discourse, while countering the platforms’ concentration of power, it has opted to heavily regulate the Internet. The well-known GDPR is complemented by sector-specific legislations, such as the e-Commerce Directive and Platform-to-Business Regulation. In 2020, the EU elaborated two draft proposals: the Digital Services Act (which will be implemented in mid-2023) and the Digital Markets Act (which is a work in progress). The former aims at forcing the major internet platforms to moderate their content and be transparent on their services in the bloc, and the latter to establish a single set of rules to be applied across the Union to govern platforms (Albert 2022).
The DSA has as an objective to change the status quo and force major platforms – or as the DSA calls them, online intermediary services – to be more transparent about their algorithms and hold them accountable for the public discourse created through their content. To do so, EU lawmakers created layered responsibilities according to their role, size and impact in the online ecosystem (European Parliamentary Research Service 2023). Thus, the DSA could pose a challenge for TikTok if the Ireland Data Protection Committee finds non-compliance with the bloc’s regulations. When implemented, the fines could amount up to 6% of the companies revenues – for context, the GDPR currently sets it at 4% (European Parliamentary Research Service 2023). However, on what basis will TikTok be evaluated? The DSA’s obligations for major platforms can be divided into five categories: content moderation, fair design service, advertisements, recommender systems, and transparency (Broughton Micova 2021).
First, regarding content moderation, certified Trusted Flaggers should assess it, and platforms must provide a free-of-charge internal complaint mechanism. Second, to guarantee a fair design of service, the apps are reviewed to reduce the so-called “dark patterns”, meaning the impairment of their users’ ability to make free and informed decisions. Third, platforms are obliged to label advertisements and personalised advertising on minors is banned. Fourth, platforms that provide recommender systems (for example the “For You” page of Instagram) are obliged to clearly explain the main parameters used, and how to modify or influence them. Lastly, the DSA obligates platforms to report periodically where they should explain their decisions about content to a central database maintained by the European Commission (Broughton Micova 2021).
Despite its critics, the DSA is an ambitious proposal as it seeks to make large social platforms responsible for optimising and moderating their content. Although its liability regime is questionable, it brings forward significant changes in the regulation environment as pointed out previously. All five categories recognize the critical role that regulation and monitoring can play in reducing the industry’s problematic practices, especially by placing asymmetric rules to larger social platforms dominating the digital economy today. Therefore, the DSA promotes fundamental rights of digital users and promotes innovation through the establishment of common rules for digital service providers in the European Single Market (Buiten 2021).
TikTok: The industry standard
The question is this, then: are TikTok’s privacy policies any different than other social platforms? The short answer is not really, all social platforms have similar data mining processes. According to Cohen (2021), TikTok collects similar data types than US-owned companies to track user behaviour and serve targeted ads. While some of the information is sent directly to TikTok servers, other is sent to third parties, such as Facebook and Google. For example, TikTok provides Facebook information about specific posts that are viewed and the engagement of the user – such as likes. As a result, all platforms can track a user’s viewing history with a combination of their collected information. It is worth mentioning that there is no evidence of TikTok or Facebook recording audio and video, accessing user files, or reading contact lists without user permission. Yet, one thing is clear: Facebook’s data collection eclipses most other mainstream social media platforms, mainly because of the large centralization of other platforms' data.
Moreover, it is true that TikTok privacy standards are not great – even if the industry standard is not much different. For instance, the app does not allow its users to download all their account data, even when deleting an account (Ali 2020), while Facebook and Google do. Moreover, according to Meyer (2022), TikTok makes more requests at its launch than other social media platforms. Generally, the more network requests an app makes, the more data is being sent from your device to the platform. Last but not least, TikTok’s U.S. privacy policy is unclear about its procedure in the case of a request by the Chinese government (Ali 2020). As of today, evidence shows that there is no overt data transmission to the Chinese government. However, two things are true. One, good practices today do not equal good practices tomorrow. And two, it is possible that non-Chinese servers receive user data and transfer them to servers in China afterwards.
EU and China: the commercial competition impact on TikTok.
Lastly, the discussion on TikTok being an object of EU-China political relations is complex, but their different institutional approaches to the technological commercial models can provide a great start. To start, Beijing has elaborated a series of technological policies that aim to place China closer to the US by 2025, and officially surpass the former superpower by 2030. To do so, Beijing is relying on the new resource of the 4th industrial revolution, data. According to Kai-Fu Lee’s book, AI Superpowers (2018), China’s aim is to benefit from the large market that the Digital Silk Road provides to obtain large pools of data and use them to develop new technologies, mainly to train Artificial Intelligence (AI). Moreover, the country’s model is based on the Public-Private Partnership (PPP) with its tech giants and other start-ups, which ensures enough funds for research and development (R&D) (State Council, 2016). As a result of the export of the Chinese (internet) model, TikTok’s depiction of a business miracle shifted to a state-centred security issue for the international audience.
As for Brussels aspirations, the goal is to achieve (technological) Strategic Sovereignty through legislation (Shapiro 2019), as proven by the DSA. In the technology sector, this reasoning can be explained through three interlinked phenomena. First, the bloc’s technology market remains dominated by US and Chinese firms (Bergsen 2021). Second, there is an enormous amount of EU citizen’s data stored outside the European Union. For example, after TikTok acknowledged the initial data breach – the usage of IP location to spy on European journalists –, the app fully pivoted to Oracle cloud services located in the US (The Guardian 2022). As a result, Brussels is counting on the Biden administration to safeguard their citizens' user data – which has so far not proven sufficient. Lasty, and relating to the former example, the increasingly complex transatlantic relations and the internationalisation of the Chinese (Internet) model have placed the bloc in check. The EU’s leverage is its large consumer market, yet it is limited by the economic dependencies with both the US and China (Pisani-Ferry & Wolff 2019). As a result, the Commission is pushing for internet governance – e.g. the DSA – to uphold the rules-based system, and thus its role as a third power. Moreover, the bloc is interested in dominating the discursive logic and politicising the role of TikTok for its users to be able to have the (Western) moral upper hand in the technological competition to come(Cohen 2021).
In conclusion, and going back to the research question, is TikTok the latest punching bag of EU’s privacy regulation or does it stem from the current EU-China geo-political relations? The answers to both questions are intertwined. Taking into account the history of EU courts ruling data privacy against social platforms, TikTok is just a new round - one more social platform on the list. However, the current pressures to reconstruct the global power structure during the fourth industrial revolution are taking a toll. As a normative power, the EU is using the DSA as a tool to ensure a rules-based order in the technology sector. More precisely, as the EU perceives China as a challenger to such a system, it is convenient to politicise the role of TikTok, even if the evidence suggests that, for better or for worse, it follows the industry standard. The case of TikTok demonstrates how geopolitical tensions can have a big impact on the development of the Internet – and its governance.
About the Author:
Berta Tarrats Castillo holds a bachelor degree in International Relations from Blanquerna - Ramon Llull University (Barcelona, Spain). Her past writing collaborations include El País, ISGlobal, PMFarma and RECERCAT. The main elements of her portfolio include Sustainable Development Goals, the Digital Silk Road, social movements theory and health policy. She is currently working as a digital and innovation consultant in the public sector. You can find her on LinkedIn.
The opinions expressed here are those of the writers and do not represent the views of
European Guanxi.
Do you have an article you would like to share? Write for us.
References:
Albert, J. (2022). A guide to the Digital Services Act, the EU’s new law to rein in Big Tech. AlgorithmWatch. [online] Available at: https://algorithmwatch.org/en/dsa-explained
Ali, A. (2020). Visualizing the social media universe in 2020. World Economic Forum. [online] Available at: https://www.weforum.org/agenda/2020/09/social-media-planets-facebook-twitter-tiktok-youtube-instagram/
Bendiek, A. (2021). The Impact of the Digital Service Act (DSA) and Digital Markets Act (DMA) on European Integration Policy. SWP. [online] Available at: https://www.swp-berlin.org/publications/products/arbeitspapiere/WP0121_Bendiek_Digital_Service_Act_and_Digital_Markets_Act.pdf'
Bergsen, P. (2021). The EU’S unsustainable China strategy. Chatham House. [online]. Available at: https://www.chathamhouse.org/sites/default/files/2021-07/2021-07-07-eu-unsustainable-china-strategy-bergsen.pdf
Broughton Micova, S. (2021). What is the Harm in Size: Very Large Online Platforms in the Digital Services Act. [online] Centre for Regulation in Europe (CERRE). Available at: https://ueaeprints.uea.ac.uk/id/eprint/83031/
Buiten, M.C. (2021). The Digital Services Act from Intermediary Liability to Platform Regulation. Journal of Intellectual Property, Information Technology and Electronic Commerce Law, [online] 12, p.361. Available at: https://heinonline.org/HOL/LandingPage?handle=hein.journals/jipitec12&div=51&id=&page= [Accessed 9 Feb. 2023]
Cohen, J. (2021). How Mainstream Social Media Data Collection Compares With Alt-Tech Rivals. PC Magazine. [online] 15 Jan. Available at: https://www.pcmag.com/news/how-mainstream-social-media-data-collection-compares-with-alt-tech-rivals
European Parliamentary Research Service. (2023) BRIEFING EU Legislation in Progress. European Parliamentary Research Service. [online] Available at: https://www.europarl.europa.eu/RegData/etudes/BRIE/2021/689357/EPRS_BRI(2021)689357_EN.pdf
Lee, K.-F. (2018). AI superpowers : China, Silicon Valley, and the New World Order. Boston ; New York: Houghton Mifflin Harcourt.
Meyer, B. (2022). Data collection cheat sheet: how Parler, Twitter, Facebook, MeWe’s data policies compare. Cybernews. [online] Available at: https://cybernews.com/privacy/how-parler-twitter-facebook-mewe-data-policies-compare/
O'hara, K. and Hall, W. (2018). Four Internets: The Geopolitics of Digital Governance. Center for International Governance Innovation. [online] Available at: https://www.cigionline.org/static/documents/documents/Paper%20no.206web.pdf
Pisani-Ferry, J., & Wolff, G. B. (2019). The threats to the European Union's economic sovereignty. Bruegel. [online]. Available at: https://bruegel.org/2019/07/the-threats-to-the-european-unions-economic-sovereignty/
Satariano, S. (2023). Meta’s Ad Practices Ruled Illegal Under E.U. Law. The New York Times. [online] Available at: https://www.nytimes.com/2023/01/04/technology/meta-facebook-eu-gdpr.html
Shapiro, J. (2019). Strategic Sovereignty: How Europe Can Regain The Capacity to Act. European Council of Foreign Relations. [online]. Available at: https://ecfr.eu/publication/strategic_sovereignty_how_europe_can_regain_the_capacity_to_act/
State Council. (2016). 13th Five-Year Plan for national informatization. Gov.cn. [online]. Available at: http://www.gov.cn/zhengce/content/2016-12/27/content_5153411.htm
The Guardian. (2022). TikTok on defence after report on foreign access of US user data. The Guardian. [online] Available at: https://www.theguardian.com/technology/2022/jul/01/tiktok-user-data-buzzfeed-report-usa
Vinocur, N., Goujard, C., Herrero, O. And Westendarp, L. (2023). Europe turns on TikTok. Politico. [online] Available at: https://www.politico.eu/article/europe-tiktok-china-banned-brussels-video-sharing-app-spying/