Following a thorough risk analysis by the National Cyber Security Centre (NCSC), employees of government departments and agencies have been told to remove TikTok from their work-related devices, The Irish Times reported.
The NCSC said that its evaluation “leant heavily on the experiences” of the European Commission, the European Union, the UK, and other organisations in addition to being in line with procedures in other nations.
Due to data protection and privacy concerns related to the company’s relationship with the Chinese government, a number of nations, notably the UK and the Netherlands, have blocked the use of social networking app on government computers.
Use of the app is no longer allowed under the guidelines outlined in the Acceptable Usage Policy for Irish State employees, according to The Irish Times.
On Friday, parent departments and then staff received a message outlining the instructions, which The Irish Times obtained. They were instructed to remove the Chinese-owned social media app from any devices that were already running it and stopping installing the programme altogether.
A spokesperson of the Department of Communications, which is in charge of the NCSC, said the restriction extends to all departments, agencies, and other government entities falling under their purview, with the exception of “exceptional cases where there is a business need,” as per The Irish Times.
The spokesperson added, “This recommendation was informed by a detailed risk assessment carried out by the NCSC, and extensive engagement with relevant stakeholders, including the Data Protection Commission (DPC), the European Commission and other Member States.”
The Irish Times reported that the department sees it as being complementary to current security measures based on the 2021 Cyber Security Baseline Standards Framework intended to increase the security and resilience of public sector ICT systems.
Analysts weren’t overly surprised by the decision because similar bans had been implemented by the European Commission and the US, two countries that have expressed privacy concerns.
Chief Executive of BH Consulting, which specialises in cybersecurity and data protection, Brian Honan said. “The primary concern they have is that TikTok may be forced by the Chinese Government to hand over data from their user base and if some of them are Government employees that may enable the Chinese Government to do espionage or surveillance on those people,” adding, “It’s no big surprise the Irish Government has [gone] the same way.”
Minister of State for eGovernment Ossian Smyth, last month, indicated the NCSC was due to issue new guidance to the Government around policies for devices assigned to their civil servants.
He said, “That guidance doesn’t name specific companies; it describes how to measure the type of risk from different types of apps and what type of precautions to take in which circumstances. It doesn’t particularly name any apps or companies.
Contacts, photos, location information, and user interactions with other applications are among the types of information that may be accessible through social media apps.
Honan noted that identical functionality could be found in other social networking apps that are situated in different countries.
In reference to State agency staff and other potentially vulnerable users, “If you’re going to ban TikTok well then we should be banning other social media apps as well.”
The action taken on Friday is a sign of deepening discomfort with China and related security issues. The European Commission issued a directive to its workforce in February 2017 ordering them to immediately uninstall any commission-related apps from all work-related and personal devices.
Apps like Skype for Business and the commission’s internal email were scheduled to be removed from devices that continue to use TikTok, which is controlled by Beijing-based ByteDance, starting in the middle of March.
TikTok responded to the commission’s ruling by saying it was “disappointed with the decision, which we believe to be misguided and based on fundamental misconceptions,” reported The Irish Times.
In an era of escalating geopolitical tensions, the company has promised it will not provide the Chinese Government access to user data, but this hasn’t done much to allay worries.