The European Union warned online giant TikTok on Tuesday to respect EU law and ensure the safety of European users’ data, as the video-sharing app’s CEO met with top officials in Brussels.
TikTok, whose parent company ByteDance is Chinese, has come under fierce Western scrutiny in recent months over concerns about how much access Beijing has to user data.
TiKTok chief executive Shou Zi Chew held official talks for the first time with EU vice presidents Margrethe Vestager and Vera Jourova, the bloc’s home affairs commissioner Ylva Johansson and justice commissioner Didier Reynders.
“I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators,” Jourova, whose portfolio includes the protection of EU values, tweeted alongside a video of their meeting.
“There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities,” she said.
In November, TikTok admitted that some staff in China can access the data of European users — but Chew told Jourova the company was working on a “robust” system for processing Europeans’ data in Europe, an EU spokesman said.
Theo Bertram, TikTok’s vice president of public policy in Europe, later said the company explained during the talks how it was “further strengthening data security in Europe, including by establishing our European data centre operations in Ireland”.
ByteDance is already under investigation by the Irish privacy regulator over whether it violated the EU’s data protection law, the GDPR, with its processing of children’s personal data and transfers of data to China.
“I insisted on the importance for TikTok to ensure full compliance with GDPR and cooperate with the DPC,” Reynders said.
The EU has also stepped up its fight against disinformation with a strengthened code of practice, and Jourova said TikTok would deliver a first report on the issue by the end of January. “Transparency will be a key element,” she said.
The EU has built a legislative arsenal targeting technology companies, passing two major laws to ensure that social media platforms follow the bloc’s rules on digital issues.
The Digital Services Act (DSA) forces social media platforms, online marketplaces and search engines to react more quickly to remove content deemed in breach of EU regulations.
The other, the Digital Markets Act (DMA), prohibits anti-competitive behaviour by the so-called “gatekeepers” of the internet.
Jourova said that TikTok and others must “swiftly get ready for compliance with the new EU digital rulebook”, referring to the DSA and DMA.
“It’s a top priority for us to be ready for this,” Bertram wrote on Twitter, saying the Brussels talks focused on “our commitment to compliance with regulations”.
Last month, TikTok admitted that ByteDance staff accessed data from the app to track journalists in a bid to identify the source of leaks to the media.
The company denies that the Chinese government has any control or access.
But Washington has banned the app from federal government devices, and some US lawmakers are trying to prohibit TikTok from operating in the United States.
Last year, TikTok said it was working on a plan to allay Washington’s concerns by holding US users’ data in the United States.
Chew will also hold a video call with Thierry Breton, the EU’s top official for enforcing digital regulation, on January 19.
Related: Five Ways TikTok Is Seen as Threat to US National Security
Rrlated: FBI Director Raises National Security Concerns About TikTok
Related: TikTok Hit by US Lawsuits Over Child Safety, Security Fears

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- GoAnywhere MFT Users Warned of Zero-Day Exploit
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
Latest News
- SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022
- 20 Million Users Impacted by Data Breach at Instant Checkmate, TruthFinder
- Cyber Insights 2023 | Zero Trust and Identity and Access Management
- Cyber Insights 2023 | The Coming of Web3
- European Police Arrest 42 After Cracking Covert App
- Florida Hospital Cancels Procedures, Diverts Patients Following Cyberattack
- VMware ESXi Servers Targeted in Ransomware Attack via Old Vulnerability
- Fraudulent “CryptoRom” Apps Slip Through Apple and Google App Store Review Process
