The European Union warned online giant TikTok on Tuesday to respect EU law and ensure the safety of European users’ data, as the video-sharing app’s CEO met with top officials in Brussels.
TikTok, whose parent company ByteDance is Chinese, has come under fierce Western scrutiny in recent months over concerns about how much access Beijing has to user data.
TiKTok chief executive Shou Zi Chew held official talks for the first time with EU vice presidents Margrethe Vestager and Vera Jourova, the bloc’s home affairs commissioner Ylva Johansson and justice commissioner Didier Reynders.
“I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators,” Jourova, whose portfolio includes the protection of EU values, tweeted alongside a video of their meeting.
“There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities,” she said.
In November, TikTok admitted that some staff in China can access the data of European users — but Chew told Jourova the company was working on a “robust” system for processing Europeans’ data in Europe, an EU spokesman said.
Theo Bertram, TikTok’s vice president of public policy in Europe, later said the company explained during the talks how it was “further strengthening data security in Europe, including by establishing our European data centre operations in Ireland”.
ByteDance is already under investigation by the Irish privacy regulator over whether it violated the EU’s data protection law, the GDPR, with its processing of children’s personal data and transfers of data to China.
“I insisted on the importance for TikTok to ensure full compliance with GDPR and cooperate with the DPC,” Reynders said.
The EU has also stepped up its fight against disinformation with a strengthened code of practice, and Jourova said TikTok would deliver a first report on the issue by the end of January. “Transparency will be a key element,” she said.
The EU has built a legislative arsenal targeting technology companies, passing two major laws to ensure that social media platforms follow the bloc’s rules on digital issues.
The Digital Services Act (DSA) forces social media platforms, online marketplaces and search engines to react more quickly to remove content deemed in breach of EU regulations.
The other, the Digital Markets Act (DMA), prohibits anti-competitive behaviour by the so-called “gatekeepers” of the internet.
Jourova said that TikTok and others must “swiftly get ready for compliance with the new EU digital rulebook”, referring to the DSA and DMA.
“It’s a top priority for us to be ready for this,” Bertram wrote on Twitter, saying the Brussels talks focused on “our commitment to compliance with regulations”.
Last month, TikTok admitted that ByteDance staff accessed data from the app to track journalists in a bid to identify the source of leaks to the media.
The company denies that the Chinese government has any control or access.
But Washington has banned the app from federal government devices, and some US lawmakers are trying to prohibit TikTok from operating in the United States.
Last year, TikTok said it was working on a plan to allay Washington’s concerns by holding US users’ data in the United States.
Chew will also hold a video call with Thierry Breton, the EU’s top official for enforcing digital regulation, on January 19.
Related: Five Ways TikTok Is Seen as Threat to US National Security
Rrlated: FBI Director Raises National Security Concerns About TikTok
Related: TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
