TikTok is a short-form video sharing app that has seen meteoric growth since launching outside of China in 2017. Within just a few years, TikTok has been downloaded over 3.3 billion times and has over 1 billion monthly active users as of 2022 [1]. It has quickly become one of the most popular and fastest growing social media platforms globally. TikTok’s popularity lies in its algorithmic “For You” feed that delivers personalized video content to each user. The app makes creating and sharing short videos simple and fun through built-in editing tools and viral trends. TikTok has given rise to a new generation of online creators and transformed youth culture and online entertainment.
User Data Collected
TikTok collects a wide range of user data from profiles, contacts, location information, and messages. According to OCHOLAVENUE (https://ocholavenue.com/what-user-data-does-tiktok-collect/), TikTok gathers user profile information such as username, profile photo, user-generated content, and any other data users provide in their bios. It also accesses user phone contacts if permission is granted. TikTok tracks user location data and GPS coordinates when the app is in use. Additionally, any messages sent within the app can be collected and analyzed by TikTok.
Video Viewing Data
TikTok collects extensive data on the videos users watch on the platform. According to TikTok’s analytics page in the Creator Portal, it tracks total views, likes, comments, shares, and average watch time for each video (Understanding your analytics | Creator Portal). This allows creators to analyze performance and optimize content.
TikTok also tracks every video a user watches as well as how long they engage with each video. This data enables TikTok to understand users’ interests and preferences to feed them personalized recommendations (4 TikTok Analytics Tools That Do the Math for You). The more a user interacts with certain types of videos, the better TikTok gets at recommending relevant content.
According to reports, TikTok logs details about videos viewed including the video ID, duration, percentage watched, and more. By aggregating user viewing data, it can categorize users based on their interests and habits (All the ways TikTok tracks you and how to stop it).
In-App Behavior
TikTok tracks a significant amount of in-app behavior, including searches, content clicks, and engagement. According to The Guardian, TikTok has the ability to monitor every tap and keystroke within the app. This includes text typed into the search bar, clicked links, liked videos, shared content, and more. The app can log what users are searching for, how they engage with certain videos, their interests based on viewed content, and overall in-app habits. TikTok likely leverages this granular data for targeted advertising and recommendations. While users expect some tracking within the app, the extent to which TikTok can monitor taps and engagement down to the keystroke provides significant insight into user behavior.
Device Data
TikTok collects a significant amount of data from user devices. This includes the device ID, operating system, and network information 1. The device ID allows TikTok to track a user across multiple devices. The operating system data shows what OS a user is on, such as iOS or Android. Network information like IP address, wifi network names, and cellular network information allows TikTok to identify users and their locations.
TikTok is able to paint an extensive picture of a user from their device data. A cybersecurity firm claimed TikTok’s device data collection could reveal what floor a user is on in a building 2. While TikTok claims it anonymizes this data, the granularity of device details collected provides significant insights into a user’s identity and habits.
Metadata
TikTok collects a significant amount of metadata about videos on their platform. Metadata refers to data that provides information about other data, such as the time a video was recorded, geolocation, and tags/captions. According to computer science professor John Abraham from UTRGV, “Metadata is quite revealing when aggregated. It creates a profile about a user’s habits and preferences” (source).
Some of the metadata TikTok gathers includes:
- Audio information – Data about background audio, sound effects, and music tracks added to videos.
- Tags/captions – Any tags or captions added to describe video content.
- Timestamps – The date and time a video was recorded.
- Geotags – The location where the video was filmed.
By analyzing this metadata in aggregate, TikTok can gain insights into trends amongst users and better understand video viewership patterns.
Advertising IDs
TikTok collects advertising IDs like the Google Advertising ID and Apple IDFA to tailor ads and measure their performance. TikTok receives this info from ad partners when a user interacts with or views an ad. The ID does not directly identify the user, but enables advertisers to build profiles and retarget users. TikTok’s privacy policy states they can link the advertising ID to other data collected, like device info and activity on the app, to personalize ads and content.
Advertising IDs also help determine ad frequency, deliver sequential messaging, and carry out attribution. For instance, TikTok can identify if a user took an action like installing an app after viewing a certain ad. Overall, collecting advertising IDs provides TikTok and its partners detailed analytics on ad performance and user habits.
Third-Party Sharing
TikTok shares user data with various third parties including advertisers, measurement and analytics services, service providers, affiliates, and business partners. Their privacy policy states they may share information about users with these parties “to help provide, understand, and improve our Service.”
Some of the third parties they share data with include:
- Advertising partners like Google and Facebook to target ads and measure their effectiveness.
- Analytics services like Google Analytics to understand app usage.
- Service providers that support website functionality and business operations.
- Affiliates and business partners that distribute content or services.
The type of information shared can include technical data like IP addresses, device IDs, and activities within the app. User profiles and behavioral data may also be shared to enable targeted advertising. While aggregated, de-identified data is shared in many cases, individual user data can also be provided to certain third parties.
Users have limited control over preventing this third-party data sharing. Opting out of targeted ads may help reduce sharing with advertisers, but many disclosures state data will still be shared with “service providers,” “partners,” and “third parties” even when ads are disabled. Overall, extensive sharing with external companies is permitted under TikTok’s privacy policies.
Data Security
TikTok uses encryption and access controls to protect user data, but its practices have faced scrutiny. According to TikTok’s CEO Questioned by US on Privacy and Data Security, lawmakers questioned whether China-based employees could access TikTok’s US user data. TikTok claims it has safeguards in place, such as encryption of user data and limiting access to employees based on need. However, some critics argue TikTok should do more to assure US authorities of its data security compliance.
TikTok states that it stores US user data in servers located in the US and Singapore. It has also begun allowing experts to examine its algorithmic source code for security issues. In response to heightened data privacy concerns, TikTok has aimed to be more transparent about its security practices. But lawmakers remain unconvinced, calling for further investigation into TikTok’s data security as reported in Senators call on FTC Chair Khan to investigate TikTok’s data security practices.
Managing Privacy
TikTok gives users some control over their privacy settings and the data collected by the app. In the app’s Privacy and Settings section, users can choose whether their account is private and who can view their content. They can also turn off personalized ads and restrict comments on their videos.
For younger users, TikTok has robust parental controls through its Family Pairing feature. Parents can control screen time limits, restrict mature content, limit direct messaging, and disable personalized ads for their child’s account (1). These controls allow parents to tailor their child’s TikTok experience based on age and maturity level.
As a company with global users, TikTok complies with relevant data protection and privacy laws like the EU’s GDPR and the California Consumer Privacy Act. They have a team dedicated to data compliance and also implement measures like storing EU user data locally in data centers within the EU (2). However, some researchers have found issues with TikTok’s privacy policies being vague and providing little information about how data may be used (3).
Sources:
(1) https://www.youtube.com/watch?v=PS_Q1bHK8Rk
(2) https://newsroom.tiktok.com/en-gb/tiktoks-approach-to-data-privacy-and-security-in-europe
(3) https://cite.law.stanford.edu/publications/tiktoks-privacy-practices-leave-room-for-improvement