A meeting between TikTok’s CEO, Shou Zi Chew, and senior European Union lawmakers which took place today saw the video sharing platform’s chief executive quizzed on a range of topics — including its preparations to comply with incoming pan-EU rules focused on content governance and safety (aka the Digital Services Act; or DSA), and its approach to existing rules on privacy and data protection (including the General Data Protection Regulation).
Other topics the EU said its commissioners brought up in the meetings with Chew included child safety, Russian disinformation and the transparency of paid political content.
TikTok has faced a range of regulatory scrutiny across the bloc in recent years, including complaints from consumer protection authorities and a number of interventions by data protection authorities — as well as having two open GDPR enquiries in Ireland (one into TikTok’s processing of children’s data; and another into its data transfers to China), which began in 2021.
In recent years it has also sought to respond to regional concerns about data security by opening one of its so-called “transparency and accountability centers” to host visitors from the bloc and field their questions. Plus it’s undertaking a data localization project — that will see EU users’ information stored in a Dublin based data center — as another response to data protection and security concerns (although that project has faced delays and can’t entirely fix the data transfer issue since TikTok has admitted some non-EU-based staffers can access EU user data).
More regulatory scrutiny is coming as this year TikTok could also face direct oversight by the European Commission itself — if it’s deemed to meet “gatekeeper” criteria under the Digital Markets Act (DMA).
The DMA, which came into force at the start of November and is set to start to apply from early May, is intended to supplement traditional ‘after the fact of abuse’ antitrust regulation by applying a proactive set of operational ‘dos and don’ts’ to the most powerful, intermediating platforms and will put some hard limits on anti-competitive practices like self-preferencing (as well as introducing some firm requirements in areas like interoperability and data portability). So EU compliance requirements for platforms that fall under the DMA regime will step up considerably.
While it’s not yet confirmed whether TikTok will be designated a core platform service subject to the DMA, there’s no doubt that fostering a solid working relationship with the bloc’s executive is in its strategic interests — as the Commission will be making designations and overseeing compliance for both the DMA and for a layer of additional obligations that will apply to a subset of larger platforms (so called VLOPs) under the DSA — a category TikTok is almost certain to fall into (even if it avoids being designated a DMA gatekeeper).
The DSA also entered into force last November but the bulk of provisions won’t apply before February 2024. However VLOPs have a shorter implementation period — with compliance expected to be up and running later this year; platforms are given four months for implementation after a VLOP designation is made (so by mid year the DSA is likely to be force for a first wave of VLOPs).
Talking of strategic interests, the chaos of Elon Musk’s erratic leadership of rival social network Twitter also arguably creates an opportunity for TikTok to present a more cooperative face to the Commission — and seek to win friends (or at least avoid making enemies) among commissioners who are gaining powerful new oversight capabilities (and enforcement powers) atop digital platforms this year.
It’s clear the Commission is dining out on the photo opportunities of a Big Tech CEO coming in person to Brussels to press commissioner flesh.
In a statement following a meeting between TikTok’s CEO and the EU’s EVP and head of digital strategy, Margrethe Vestager, the Commission said:
The objective of the meeting with TikTok was to review how the company is preparing for complying with its obligations under the European Commission’s regulation, namely the Digital Services Act (DSA) and possibly under the Digital Markets Act (DMA). At the meeting the parties also discussed GDPR and matters of privacy and data transfer obligations with a reference to the recent press reporting on aggressive data harvesting and surveillance in the US.
The EU’s VP for values and transparency, Věra Jourová, also had a face-to-face meeting with Chew — and the EU said she asked about several concerns, including the protection of personal data of Europeans and steps TikTok is taking to address disinformation on its platform, as well as raising a recent controversy when TikTok was accused of using the data of journalists to try to identify the source of internal leaks.
In a read-out of the meeting, the EU said Jourová “appreciated” the fact that TikTok joined the bloc’s Code of Practice on Disinformation (2020) and how it “swiftly implemented EU sanctions against Russian propaganda outlets”, as it put it.
(One wonders if this flavor of public praise by the EU is also a subtle sideswipe at Musk and Twitter — given some blatant snubs the latter has doled out to Brussels in recent months, such as the shuttering of its local policy office.)
The EU’s read out also notes that it acknowledges TikTok “recognises that non-EU state actors try to manipulate the content on the platform to spread disinformation and puts efforts to address this issue”, adding the company informed it it is investing in Ukraine and will deliver a detailed report under the Disinformation Code.
(That might make interesting reading — given a study last spring found Russian state propaganda to be flourishing on TikTok in spite of a claimed ban on uploads.)
After being questioned by Jourová about the awkward issue of the (ab)use of the data of journalists to try to identify internal leakers, the EU said Chew confirmed this was wrong and told it the people responsible for the incident no longer work for the company. (And there’s also a tacit contrast with the EU recently warning Musk about the arbitrary suspension of journalists who had been reporting on Musk’s decision making at Twitter.)
Per the EU, the TikTok CEO also discussed TikTok’s efforts around GDPR compliance — and talked about its investment in content moderation practices, which he told it aim to limit the effect of hate speech and other “toxic content”.
Chew also used the opportunity of facetime with EU commissioners to claim TikTok’s “mission is to inspire creativity and bring joy” — rather than, y’know, dwelling on awkward accusations (and/or moral panic) that the platform is a societal manipulation project/’tool of cultural control’ targeted as Western kids and with authoritarian links to the Chinese state…
In a statement after the meeting, Jourová avoided direct reference to such concerns — opting instead for more diplomatic language about the need for TikTok to ‘regain regulatory trust’:
I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining trust of European regulators. There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities. It is important for TikTok and other platforms to swiftly get ready for compliance with the new EU digital rulebook, the Digital Services Act and the Digital Markets Act. I am also looking forward to seeing the first report under the new anti-disinformation Code to be delivered by the end of January. Transparency will be a key element in this regard.
The two current GDPR probes of TikTok in Ireland remain ongoing — with, per the regulator, the prospect of the children’s data enquiry being wrapped up by (or before) the middle of this year (depending on how quickly disputes between DPAs can be settled). While the China data transfers enquiry could also reach a decision around mid year — but, again, we understand there are a variety of factors in play that could spin out the process so a final decision might not appear until the end of the year.
TikTok was contacted for its view on the EU meetings but at the time of writing the company had not responded.