There will be no specific ban on civil servants installing TikTok on State-owned devices under new guidelines being developed.
Several jurisdictions, including the UK and the Netherlands, have restricted the use of the social media app on government devices due to data protection and privacy concerns linked to the relationship between the company and the Chinese state.
Minister of State for eGovernment Ossian Smyth said the National Cyber Security Centre (NCSC) will shortly issue the new guidance to Government departments for use in developing policies for devices assigned to their civil servants.
“That guidance doesn’t name specific companies, it describes how to measure the type of risk from different types of apps and what type of precautions to take in which circumstances. It doesn’t particularly name any apps or any companies,” he said.
He said the decision was made based on evidence and an assessment of risk. “We look and see what type of behaviour is risky and say ‘this is the type of app that should be restricted in certain circumstances’”.
He said the advice would be issued based on risk rather than in relation to any particular vendor or country. He said there is “more than one risky app out there”. Every Government department has restrictions on what apps are allowed on their devices, some of which are strict. He said the NCSC is going to issue broad guidance on how devices will be managed.
“It will have to be risk based, it will have to be evidence based, it won’t be about naming a particular company or a particular app,” Mr Smyth said. He said he didn’t have TikTok on his own phone and that there were two investigations by the Data Protection Commissioner at the moment.
“I think that people should have the minimum number of third party apps on their phones at any time, I don’t think that a work phone should be used for things that are not related to work,” he said, adding that phones shouldn’t be issued to people who don’t need them.
Asked about whether procurement rules could restrict the scope for sensitive government contracts to go to companies where data protection concerns exist, Mr Smyth said concerns around procurement in places like Garda Stations or in Leinster House were “not as emphasised” previously.
He said the NCSC will shortly issue new guidance on procurement for sensitive locations or defence purposes. “There hasn’t been a specific emphasis on that type of procurement,” he said, but now detailed guidance will come out before the summer, he said.