What TikTok Tells Us About Data Regulations and About the Future of Cloud

Donald Trump and Microsoft tangle over the future of TikTok. We analyze the legal ramifications of buying or banning TikTok with China.

A lot of people are talking about the TikTok case right now, with Donald Trump wanting to shut down or have Microsoft buy out TikTok. Does this case show us new fears about China? And how does it impact the way to build Cloud applications serving the world?

Many people are surprised by the brutality of Donald Trump, and are offended to see TikTok either banned or bought by Microsoft. The Chinese are shouting robbery, and we can understand them. If the United States of America did the same thing with a company from my country, I would certainly have the same reaction. However, looking at this subject from a purely legal point of view and in the light of recent events, one might be tempted to believe that these fears are justified.

Data Law in China

As everyone now knows, TikTok is the "China-free" version of an application for China called Douyin. Douyin is operated from Chinese soil, for the Chinese public, and is therefore fully subject to Chinese data law. This law stipulates that individuals have a right to privacy and a right to their data, except two things. 

The first is respect for a number of things under Chinese law. If you insult the Chinese Communist Party, in China, from a Chinese application, you can be sure that your account will be suspended, in addition to the legal risks. All in all, this is a principle found in western jurisdictions, even if it relates more to racist remarks and calls for violence. Rather than the expression of your possible hatred towards the head of your state, for example. 

But the second thing that modulates this right is much more problematic because it stipulates that the "competent authorities" all have a right of access to your data. In China, your life is private, but not for the Communist Party. We, therefore, deduce that any data stored in China can end up in any office of the Chinese Communist Party.

A Paradigm Shift in Data Privacy Law

So far, this has not been a concern for TikTok, as the data is stored in Singapore and the USA for Western users and Hong Kong users.

But a loophole has opened, following the passage of Hong Kong's National Security Act on 30 June 2020. This law, which, among other things, gives impunity to Chinese intelligence agents on Hong Kong soil. The fear was therefore born that data stored in Hong Kong could end up in the hands of the Chinese communist authorities. We have seen TikTok leave Hong Kong soil, but also recently the South Korean company Naver, which moved its data from Hong Kong to Singapore (https://www.zdnet.com/article/naver-transfers-hong-kong-backup-data-to-singapore/).

By the way, (https://www.reuters.com/article/us-tiktok-hong-kong-exclusive/exclusive-tiktok-says-it-will-exit-hong-kong-market-within-days-idUSKBN2480AD), Douyin was already serving Hong Kong, so Hong Kong residents now know which application to turn to.

So we can tell ourselves that everything is going well anyway. TikTok data is no longer in Hong Kong, and is still in Singapore and the USA.

A Legal Bridge Between Singapore and China?

But that's where there's a "but". The data legislation in Singapore, called PDPA, contains a need for clarification, to be modest. This legislation, which is quite similar to the European GDPR, stipulates that data cannot leave Singapore unless the destination country has similar legislation. And guess who does? You guessed it, Hong Kong, with the PDPO. From there to say that the data can transit from Singapore to Hong Kong and then to China... To be honest, it's quite complicated to prove that this "legal bridge" takes place. But there are a few beams of suspicion: 

• The first one is the close collaboration between Singapore and Hong Kong to harmonize their respective rights, among others on the Data Breach issue. This initiative came quite a few times about serious Data Breach happening in these two cities. Why harmonise laws on a new subject to be dealt with in data laws, which were already quite harmonised in passing, if not to facilitate the legal possibility to transfer data freely?
• The second is this seemingly anecdotal legal document. It is a document that a law firm makes its clients sign with whom it contracts, on the subject of compliance with the PDPA and PDPO. This firm operates in many countries, including Singapore and Hong Kong, and, without forcing an over-interpretation of this document, shows that this firm considers PDPA and PDPO to be similar.
• Finally, the third document is a document issued by a group of independent law firms, which compares on page three the jurisdictions of a number of countries, and it is clear that the only difference concerns the consideration of sensitive information. This does nothing more than limit the transfer of data from Hong Kong to Singapore, but not the other way around.

cloud legal singapore china data privacy acquisition tiktok

Mismanagement of multi-cloud expense costs an arm and leg to business and its management has become a major pain point. Here we break down some crucial tips to take some of the management challenges off your plate and help you optimize your cloud spend.

Hybrid cloud helps you streamline your data and cloud goals by providing flexibility, speed, and detail. Learn how your organization can take advantage.

The agenda of the talk included an introduction to 3D data, its applications and case studies, 3D data alignment and more.

If you run a website, a data lake or a data science platform, you have to protect it against hackers. Cloud simplifies, but doesn't solve security entirely. Why security is everyone's responsibility? Between 2015 and 2018, I was leading a data engineering team for a financial services company. We were the first team in the company to use Azure, and we built a data science environment.

A data lake is totally different from a data warehouse in terms of structure and function. Here is a truly quick explanation of "Data Lake vs Data Warehouse".