The use of TikTok by government officials has been banned in several countries over the past few months, including the Netherlands, Norway, and France. Despite TikTok’s assertion that it operates independently and does not share user data with the Chinese government, many governments remain concerned about its security and data protection. France has gone one step further than other countries by banning all “recreational” apps, including popular social media platforms such as Twitter, Instagram, and Candy Crush, from government-issued devices.
According to Civil Service Minister Stanislas Guerini, recreational apps do not provide adequate levels of cybersecurity and data protection for use on government tools. As such, they could pose a risk to the data protection of administrations and public officials. The ban, which will be monitored by France’s cybersecurity agency, will affect around 2.5 million civil servants. However, exceptions may be granted for institutional communications purposes.
France’s decision to ban all recreational apps is a departure from the approach taken by other Western countries. It signals that France views both Chinese and American technology companies in a similar light when it comes to data protection and cybersecurity. The US and France have had other technology tensions in the past, including over the US Cloud Act and France’s digital-services tax, which the US claimed unfairly targeted American technology giants.
Privacy campaigners have praised France’s decision to ban recreational apps, which they see as an opportunity to question the privacy practices of other apps. People are starting to ask how data is collected and used by social media platforms such as Facebook, Instagram, Snapchat, and Candy Crush, regardless of where the companies are based. While TikTok is currently the focus of concerns because its parent company is in China, France’s move highlights the need for all social media companies to address questions around privacy and data protection.
France has been vocal in its opposition to the US Cloud Act and has been a prominent voice in the Gaia-X project, which aims to address the conflict between the US Cloud Act and the EU General Data Protection Regulation (GDPR). The project also seeks to establish European cloud standards and ensure that customer data is stored and processed in Europe, free from non-European laws.