EU Committee Probes TikTok, UK’s Updated GDPR

European Union lawmakers have criticized the British government’s updated privacy bill over concerns that it fails to adequately protect European citizens’ fundamental rights. Lawmakers also heard from the Irish data authority on the status of its pending TikTok inquiry.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

At a European Parliament hearing on Tuesday, members of the Civil Liberties, Justice and Home Affairs committee quizzed U.K. Information Commissioner John Edwards on the proposed Data Protection and Digital Information Bill.

The bill, introduced in March, proposes modification to the U.K. General Data Protection Regulation, the European privacy law that Britain adopted prior to its decision to exit from the European Union in 2015 (see: UK Reintroduces Bill Proposing Modifying Country’s GDPR).

With the expiration of the U.K.’s GDPR adequacy standards issued by the European Commission in 2021 drawing closer, Committee Chair Juan Fernando López Aguilar expressed his “worry” about the ongoing reforms proposed by the U.K government. He said the U.K. Information Commissioner’s office had failed to adequately answer a number of questions raised by the committee during its November visit to the United Kingdom to review the renewal of the adequacy decision.

Tuesday’s meeting provided an opportunity for the lawmakers to quiz the U.K. information commissioner on these concerns, including the bill’s renewed focus on streamlining GDPR implementations for businesses, which appears to be a “setback” from European data standards, said Jeroen Lenaers, a Dutch member of the European Parliament.

Leaners said the U.K. government’s communications about the bill have been confusing, and the government has touted the bill as being a break a from the “Brussel bureaucracy,” while also claiming that its core ideas are based on EU GDPR laws.

Birgit Sippel, a member of the European Parliament and the Social Democratic Party of Germany, said the bill appears to be “pro-business,” and its proposed revisions such as granting the U.K.’s greater secretary of the state the power to intervene in a GDPR decision could threaten the independence of the body.

Responding to the criticism, Edwards said the proposed bill only enhances the ICO’s power in resolving GDPR privacy violations. “The bill follows the European model of international transfers, so the European agencies should not be concerned about the onward transfer of European data to countries with limited safety standards.”

On the question of whether the proposed bill could challenge the adequacy decision obtained by the U.K., Edwards said the country “values the adequacy” and that “nothing in the bill will jeopardize this position.”

TikTok Delays

The committee also quizzed Helen Dixon, Irish data protection commissioner, on the delay in the Irish regulator’s pending investigations into Chinese video-sharing app TikTok.

The Irish Data Protection Commission in September 2021 opened two separate probes into the app’s handling of children’s data and the transfer of European data to China. At the hearing, lawmakers said the Irish DPC’s delay in finalizing its decision is putting data of European citizens at the risk of Chinese surveillance.

Patrick Breyer, a member of the European Parliament and the German Pirate Party, criticized the narrow scope of the DPC’s investigation, saying the agency’s probe only addressed a “fraction of the privacy concerns” tied to the platform.

“The app reportedly uses excessive permissions and device information collection,” Breyer said. “If you remain as inactive as this, as you have been for years, you know this will continue to call into question your competence for [overseeing] the social media companies in Ireland.”

In response, Dixon pledged the DPC’s final decision on TikTok will be released this year. She added that her agency is currently awaiting the final submissions from the company after having submitted its draft decision.