Other countries in which some TikTok staff have access to European user data include Brazil, Canada, Israel, Japan, Malaysia and the Philippines.
TikTok has confirmed that employees in China and a host of other countries have remote access to European user data.
In an update yesterday (2 November), TikTok head of privacy for Europe Elaine Fox said that user data from the European Economic Area, Switzerland and the UK can be accessed by some staff in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea and the US.
Until now, the company owned by Chinese business ByteDance had only revealed that European user data was stored in the US and Singapore.
Concerns have been raised about Chinese access to user information on the video sharing platform. Last year, Ireland’s Data Protection Commissioner said some of TikTok’s EU data may be accessible to teams in China and there was “intensive engagement” with the company about how it manages data.
The Irish watchdog, which is the lead supervisor for TikTok under the EU’s data protection rules, then opened an inquiry into the company’s transfer of data to China and its compliance with GDPR when it comes to transferring data to third countries.
But she detailed that “certain employees” in the listed countries have remote access to European TikTok user data “based on a demonstrated need to do their job”.
This access is subject to “a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR,” she added. “Security controls include system access controls, encryption and network security.”
TikTok’s tussle with regulators
This update comes at a time when the popular social video app is coming under scrutiny across the globe for its data practices. Last month, it was announced that TikTok may be fined £27m in the UK for failing to protect the privacy of children on its platform.
As well as its inquiry into data transfers to China, the Irish Data Protection Commission also launched an inquiry last year into how TikTok processes the personal data of children.
“In order to operate a global platform designed for sharing joyful content, we rely on a global workforce to ensure that our community’s TikTok experience is consistent, enjoyable and safe,” Fox said.
“TikTok does not collect precise location information, whether based on GPS technology or otherwise, from users in Europe.”
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.