In the next update to its privacy policy, which will be online on December 2, TikTok will indicate that Chinese employees can access the data of French users. Before specifying it explicitly, the platform had already confirmed these transfers, without warning the Internet users affected.
Questioned by Tech&Co on this issue, TikTok assures that “the data is not accessible to employees but to a very limited and extremely controlled number of people outside of Europe to provide 24/7 assistance to our global community and guarantee a safe experience in the platform”. “.
Information obligation
Last July, the platform did not deny that employees have access to data from China, but it did not appear in the privacy policies. “This practice was illegal because TikTok did not respect the obligation to inform its users,” says Maître Laure Landes-Gronowski, a lawyer specializing in digital, from Tech&Co.
TikTok says the update to its privacy policy “includes greater transparency about how” the company shares “user information outside of Europe.” Transparency is all the more necessary as TikTok is committed to sharing the interests of the Chinese government, like the vast majority of technology companies in the country.
secure your back
For her part, the lawyer Anne-Marie Pecoraro, associated with the UGCC law firm, believes that this update is intended above all for TikTok to cover its back in the event of an investigation by the personal data regulator in Ireland, where it is located. company installed. for the European market.
“TikTok’s privacy policy was previously written in a way that was open enough to suspect that there was an open door to this international transfer of data. Today’s announcement seems to show that TikTok prefers to say it and show it, as a precautionary measure.” . estimates Anne-Marie Pecoraro of Tech&Co.
“The interested party must in any case be aware of what we are going to do with their data,” he recalls, referring to the vagueness that still exists around the precise treatment reserved for said data in China. “In the absence of information about the nature of previous data transfers, it is impossible to know if they were lawful,” he adds.
For its part, the European Union can act through cooperation between the control authorities of the countries and give rise to sanctions in the event of non-compliance with the rules. This can reach a fine of 20 million euros or the equivalent of 4% of the company’s annual turnover.
With Tech&Co, the CNIL specifies that the European Data Protection Board (EDPB) has established, since 2020, “a working group to coordinate potential actions and acquire a more complete view of the processing and practices of TikTok in the European Union” .
Source: BFM TV
