The main EU governing institutions on Thursday banned their staff from installing TikTok on devices used for work amid concerns over data protection, in a move that provoked an angry response from the company.

TikTok, whose parent company ByteDance is Chinese, has faced increasing Western scrutiny in recent months over fears about how much access Beijing has to user data.

The ban affects staff at the European Commission and European Council, which represents member states, but the European Parliament has not yet taken a similar decision.

The new rules mean staff cannot use the video-sharing app on work devices and personal devices, such as phones, that have official EU email and communication apps installed.

The Commission said its employees must remove the app as soon as possible and should do so by March 15.

EU spokeswoman Sonya Gospodinova said the corporate management board of the Commission, the EU’s executive arm, had made the decision for security reasons.

“The measure aims to protect the Commission against cybersecurity threats and actions which may be exploited for cyberattacks against the corporate environment of the commission,” she said.

European Council spokesman Barend Leyts told AFP it “will be uninstalling the application on corporate devices and requesting staff to uninstall it from personal mobile devices that have access to corporate services”.

A spokesperson for TikTok said “we believe this suspension is misguided and based on fundamental misconceptions”.

‘Disappointed’

EU industry commissioner Thierry Breton pointed to the cybersecurity risks he said had informed the Commission’s decision.

“As an institution, the European Commission has, from the beginning of the mandate, a very strong focus on cybersecurity, protecting our colleagues and, of course, everyone who is working here in the Commission,” Breton told reporters.

In November, TikTok admitted some staff in China can access the data of European users. The company however denies that the Chinese government has any control or access.

TikTok on Thursday stressed it protects the data of its 125 million monthly users in the European Union and was taking steps to strengthen data security.

It later said it had requested a meeting with the Commission “to set the record straight”.

“We’re continuing to enhance our approach to data security, including by establishing three data centres in Europe to store user data locally; further reducing employee access to data; and minimising data flows outside of Europe,” the firm said.

The United States last year banned the app from federal government devices, and some US lawmakers are trying to prohibit TikTok from operating in the United States.

Last month, the Dutch government reportedly advised public officials to steer clear of the app over similar concerns.

The European Parliament on Thursday said it was “monitoring and assessing all possible data breaches related to the app” and would consider the Commission’s evaluation before making recommendations.

Tough line on tech

TikTok chief executive Shou Zi Chew was in Brussels last month for talks with EU officials during which they warned the Chinese-owned platform to ensure the safety of European users’ data.

The company has promised to further reduce employee access to data. TikTok also promised last year to hold US users’ data in the United States to allay Washington’s concerns.

The European Union has taken a tough line on technology companies, passing two major laws to make sure social media platforms adhere to the bloc’s rules on digital issues.

The Digital Services Act (DSA) forces social media platforms, online marketplaces and search engines to react more quickly to remove content deemed in breach of EU regulations.

The other, the Digital Markets Act (DMA), prohibits anti-competitive behaviour by the so-called “gatekeepers” of the internet.