TikTok is clarifying to its European users that their data may be accessible to employees outside the continent, including in China, amid political and regulatory concerns about Chinese access to user information on the platform, reports The Guardian.

Countries, where TikTok employees may have access to European user data, include Brazil, Canada, and Israel, as well as the United States and Singapore, where European user data is currently stored.

Elaine Fox, TikTok’s head of privacy in Europe, said:

“Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognised under the GDPR [the EU’s general data protection regulation], we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data.”

The data may be used to audit various aspects of the platform, including the performance of its algorithms that recommend content to users, as well as to identify intrusive automated accounts. TikTok previously admitted that some of its users’ data was accessed by employees of parent company ByteDance in China.

The update to the privacy policy, which applies to the UK, the European Economic Area and Switzerland and takes effect on December 2, comes amid political and regulatory pressure over the use of data generated by the app, which has more than a billion users worldwide.

Michael Veale, associate professor of digital law at University College London, said that under the recent EU decision, data transfers between the bloc and China will have to be screened for security. According to the European Court of Justice’s ruling, known as Schrems II, certain data transfers outside the EU must take into account “the level of protection”, with a particular focus on access by public authorities to user data.