Oliver Dowden – 2023 Statement on Security of Government Devices and TikTok

The statement made by Oliver Dowden, the Chancellor of the Duchy of Lancaster, in the House of Commons on 16 March 2023.

As this week’s integrated review refresh demonstrated, the Government are strongly committed to bolstering our national security to meet the challenges of both today and tomorrow. We take the security of Government devices very seriously, and we are constantly working to ensure that those devices remain as safe and secure as possible. As part of that effort, I recently commissioned a review by our cyber-security experts to assess the risks posed by certain third-party apps on Government devices and in particular the installation and use of TikTok. I know that there has been a lot of interest in this issue in the House, so I wanted to take this opportunity to update Members.

The review has concluded and it is clear that there could be a risk around how sensitive Government data is accessed and used by certain platforms. As many colleagues will know, social media apps collect and store huge amounts of user data, including contacts, user content and geolocation data. On Government devices, that data can be sensitive, and so today we are strengthening the security of those devices in two key respects.

First, we are moving to a system where Government devices will only be able to access third-party apps that are on a pre-approved list. This system is already in place across many Departments, and now it will be the rule across Government. Secondly, we are also going to ban the use of TikTok on Government devices. We will do so with immediate effect. This is a precautionary move—we know that there is already limited use of TikTok across Government—but it is also good cyber hygiene.

Given the particular risk around Government devices that may contain sensitive information, it is both prudent and proportionate to restrict the use of certain apps, particularly when it comes to apps where a large amount of data can be stored and accessed. This ban applies to Government corporate devices within ministerial and non-ministerial departments, but it will not extend to personal devices for Government employees or Ministers or the general public. That is because, as I have outlined, this is a proportionate move based on a specific risk with Government devices. However, as is always the case, we advise individuals to practise caution online and to consider each social media platform’s data policies before downloading and using it. Of course, it is the case that Ministers receive regular security briefings and advice on protecting data on their personal devices and on mitigating cyber threats.

We will also be putting in place specific, very limited exemptions for the use of TikTok on Government devices where it is required for operational reasons. Those exemptions will only be granted by security teams on a case-by-case basis, with ministerial clearance provided as appropriate. Overall, this approach aligns with action taken by allies, including the United States, Canada and the EU.

Our security must always come first. Today we are strengthening that security in a prudent and proportionate way, and I commend this statement to the House.