Europe should regulate TikTok, not ban it

DISCLAIMER: All opinions in this column reflect the views of the author(s), not of Euractiv Media network.

The freshly minted Digital Services Act (DSA) gives the EU the power to investigate concerns about algorithmic manipulation and other interference. [Shutterstock/Ascannio]

Brussels should not be led by the US but by its own Digital Services Act and the GDPR, as doing otherwise would subvert its prized new internet regulation, write Kai von Carnap and Antonia Hmaidi. 

Kai von Carnap and Antonia Hmaidi are analysts for Science, Technology and Innovation at the Mercator Institute for China Studies (MERICS).

With TikTok’s meteoric rise to become one the world’s most profitable internet platform in 2022, liberal democracies have grown concerned that the Chinese Communist Party (CCP) could use the site to interfere in democratic processes and that user data might not be protected against espionage and other cyber threats.

But while the US Congress is debating whether to single out TikTok with an outright ban, the EU should use its unique legal powers to take an actor-agnostic approach – and use TikTok as a test case for new digital regulation.

Concerns about CCP interference and data protection are not unfounded. TikTok claims to be an independent company, but reports have shown that it promotes positive regime narratives and deprioritizes content unfavourable to the CCP, such as queer topics and human rights violations in Xinjiang.

The company acknowledges it shares data with corporate parent ByteDance in China (including a subsidiary controlled by a cyber regulator and dozens of ex-propaganda officers). Beyond that, Beijing’s tech rectification campaign has slashed private tech companies’ autonomy and brought new laws giving authorities to access data.

But while it would be irresponsible to dismiss suspicions of possible influence by China’s party-state, the evidence against the CCP and TikTok in core issues is inconclusive.

It remains questionable whether the CCP strategically promotes specific content with malign intent and whether anti-democratic tendencies relayed via TikTok are worse than on other platforms.

The latter point alone suggests liberal democracies should translate their TikTok panics into a soberer (and long overdue) look at all platforms, the likes of Meta eventually included.

The EU has pioneered internet regulation and first scrutinizing TikTok could prove its regime is indeed, as it claims, “fit for the digital age”. The freshly minted Digital Services Act (DSA) gives the EU the power to investigate concerns about algorithmic manipulation and other interference.

Under the DSA, TikTok and its 150 million EU users will be classified as a “very large platform” and from 2024 have to ensure algorithmic transparency in areas like child protection and its recommender system. This will allow the EU to judge whether TikTok’s algorithm is programmed to spread disinformation and influence democratic institutions.

Secondly, the seven-year-old General Data Protection Regulation (GDPR) has given the EU a robust data protection and data privacy framework.

In addition, under the moniker “Project Clover”, TikTok and EU regulators are working on ways to address European concerns in both areas. EU users’ data would be stored in data centres in Ireland and Norway, operated by a third-party provider and audited and controlled by another company.

TikTok plans to finish migrating data in 2024 and it will be up to the EU to give its thumbs up or thumbs down.

There is a chance that European regulators will not be satisfied. It remains to be seen whether TikTok will be able to comply with the DSA, as one Chinese ministry has already indicated that they could invoke recently expanded export controls to prevent foreign access to TikTok’s algorithm.

Developed in China by parent ByteDance, this TikTok code shares close ties with the algorithm of sister app Douyin, China’s most popular video-sharing platform.

China’s government might baulk at the EU getting a closer look at this software and not allow its export, or ByteDance might itself decide against revealing its algorithm to EU regulators.

TikTok might also be unable to ensure – and reliably prove – that user data is protected in Europe. As unique and costly as Project Clover is, it remains unclear whether what TikTok says will be a €1.2 billion annual investment can sustainably reconcile Europe’s GDPR requirements with the company’s aggressive business model.

User-behaviour information and other data in Europe will have to remain accessible to ByteDance in order to improve user engagements and targeted ads, so concerns about foreign interference could well persist.

With sound regulation in place, the EU really has no choice but to follow its own rules. An impromptu ban without convincing evidence would make a mockery of Europe’s democratic processes and subvert its prized new internet regulation before ever being applied.

But this also means the EU would have to allow TikTok to operate in the EU if it was found to be in compliance with both the DSA and GDPR – as would be the case with other apps from China or other authoritarian countries found similarly compliant in the future.

The outcome of making TikTok a test case for EU digital regulation remains as uncertain as any timeline long. At launch, Project Clover will be two years behind schedule and the DSA’s review process has never been tested.

That makes ad hoc bans on TikTok on government devices or used by members of the European Commission and other people in strategically important positions reasonable interim precautions should TikTok eventually prove unable or the Chinese government unwilling to help address EU concerns convincingly.

But banning TikTok on all devices in Europe based on current publicly available evidence would appear as bowing to pressure from the US, where TikTok seems to catalyse bipartisan support for China’s tech containment more than constructive attempts to address worries about algorithmic interference and data protection.

Europe should not be led by the USA, only by the DSA and GDPR. By upholding its regulations, it could set an example to the world of how to constructively tackle problems at the heart of the digital economy.

Subscribe to our newsletters

Subscribe