The original post was published on 3 November 2022.
Update 16 November 2022
This story has developed further with FBI Director Christopher A. Wray describing to the US Congress how China could exploit Tik Tok:
FBI Director warns of potential Chinese gov’t exploitation of TikTok – The Record by Recorded Future
Original Post
…when you click OK to TikTok’s privacy agreement.
TikTok has made it clear that a range of user data and information, from around the world, is being made available to staff in the apps home country – China. Raising concerns that this data could then be accessed by Chinese authorities under their data access laws.
The reason TikTok allows this access, is that staff use this data to do their jobs making TikTok “consistent, enjoyable and safe”. Other countries where European data, (even with Brexit we are included in Europe), is shared include the United States, Brazil, Israel and Singapore.
TikTok tells European users its staff in China get access to their data | TikTok | The Guardian
This is a complicated situation. TikTok states it exercises control over the access using the principles of GDPR (UKGDPR). Let’s hope they use the “principle of least privilege” and segregate the information and it is not just a free for all. If you have a similar situation, but not on the scale of TikTok, maybe you are using a coding team or admin staff in India or the Philippines (examples from my clients), you will need some data controls in place.
I wrote about this issue of data sovereignty a couple of weeks back and pointed you at an Intel survey they are conducting on the issue.
Clive Catton MSc (Cyber Security) – by-line and other articles