TikTok has taken the world by storm, with over 1 billion monthly active users. Yet concerns loom about how the popular short-form video app handles user data. Stories abound of teens finding their location or other personal information exposed or accounts mysteriously banned. Parents worry what data might be collected and how it could be used. Critics accuse TikTok of aggressively harvesting data for profit and to benefit its Chinese owner, ByteDance.
So what’s really happening behind the scenes? Does using TikTok put your privacy at risk? Let’s examine the facts around data collection, security, and whether TikTok is sharing information with China.
TikTok’s Data Collection
TikTok collects a wide range of data on its users. According to its privacy policy, TikTok collects information such as username, password, email address, phone number, birthday, user-generated content, and payment information. It also collects users’ interests and preferences through their engagement with videos on the platform.
TikTok also collects location data based on users’ SIM cards, IP addresses, and GPS. The app accesses users’ address books and connections to identify friends on the platform. It can also access users’ photos, videos, and other media stored on their devices.
Importantly, TikTok tracks users’ behaviors in the app, including which videos they watch, how long they watch them, hashtags and accounts they follow, and their interactions with videos such as likes, shares, and comments. This allows TikTok to build detailed user profiles and serve personalized content.
Compared to platforms like Facebook and Instagram, some analysts argue TikTok collects more granular data on how users interact with content, enabling it to fine-tune its powerful recommendation algorithm [1]. However, all major social media platforms collect significant user data for advertising and recommendation purposes.
TikTok’s Relationship with China
TikTok is owned by the Chinese technology company ByteDance. This has raised concerns around censorship and connections to the Chinese government.
TikTok was launched in China in 2016 under the name Douyin. The international version, TikTok, was launched in 2017. Both apps are owned by ByteDance (source).
There is evidence that TikTok has down-weighted the posts of topics deemed sensitive by the Chinese government and Chinese Communist Party (source).
Some analysts argue TikTok may be obligated under Chinese law to share user data with the government. However, TikTok claims it stores international user data outside China and would not provide it to the government (source).
Overall, TikTok’s ownership by a Chinese company and China’s track record on censorship have fueled distrust and concerns about government influence.
Where Does TikTok Store Data?
TikTok has faced scrutiny over where it stores user data, particularly from U.S. regulators concerned about data access from China. Initially, TikTok stored U.S. user data on servers in data centers in Virginia, with backup servers in Singapore. However, according to TikTok, as of June 2022, 100% of U.S. user traffic is now routed to Oracle Cloud Infrastructure data centers in the U.S.
The shift to storing U.S. data domestically came after an executive order from President Trump in 2020 threatening to ban TikTok if it did not change its data storage policies. As part of an agreement with the U.S. government, TikTok partnered with Oracle to store U.S. user data securely within the United States.
TikTok claims U.S. user data is isolated from other TikTok data stored globally. According to TikTok, there is restricted access to protect U.S. user information and strict controls around employee access. TikTok states that Chinese government officials have no access to TikTok data on U.S. users.
Does TikTok Share Data with China?
TikTok has repeatedly claimed that it does not share any U.S. user data with China. In sworn testimony to Congress in September 2022, TikTok CEO Shou Zi Chew stated that TikTok does not operate in China and that the Chinese government has never requested data on U.S. users (1). However, TikTok is owned by Chinese company ByteDance, so concerns persist.
While TikTok stores U.S. user data on servers in the U.S. and Singapore, its parent company ByteDance can still theoretically access that data. TikTok claims there are controls in place to prevent inappropriate access, but cybersecurity experts argue these controls could potentially be overridden (2).
In June 2022, BuzzFeed News obtained audio recordings revealing that China-based ByteDance employees repeatedly accessed non-public data about U.S. TikTok users. This seems to contradict TikTok’s claims about data access controls (3).
While there is no public evidence so far that TikTok has shared data with the Chinese government, the links between TikTok and ByteDance raise credible concerns. More transparency from TikTok is needed to verify its data practices and protections for U.S. users.
TikTok’s Algorithm Controversy
TikTok’s algorithm is designed to determine a user’s interests and preferences in order to recommend content it predicts they will enjoy or find relevant. It does this by analyzing how long a user lingers on each video, what content they like, share, or follow, and who they interact with. The more a user interacts with the app, the more data it collects to refine recommendations (1).
However, critics argue TikTok’s algorithm is too effective at profiling and targeting users, including children. Experiments show it can quickly push users from a neutral feed into more extreme or narrow content. For example, researchers found the algorithm steered some users toward pro-anorexia content after just a few clicks (2).
There are concerns this makes it easy to promote harmful content like misinformation, especially to vulnerable demographics. In April 2022, UK authorities accused TikTok of illegally collecting data and exposing children to hidden advertising and inappropriate videos (3). TikTok announced changes to strengthen protections for teens in response. But many experts say more algorithm transparency and oversight is needed.
TikTok Data Breaches
TikTok has had several major data breaches impacting user privacy and security. In September 2021, cybersecurity firm Watchful discovered TikTok left the data of more than 1.2 billion users publicly accessible. Researchers found they could query TikTok’s backend and retrieve private user profile information including usernames, birthdays, profile pictures, and more.
In January 2022, TikTok confirmed a data breach exposed personal information of some users in Europe, with details like email addresses, birthdays, and more compromised according to reports. This followed previous breaches in 2019 and 2020 impacting U.S. user data.
Most recently in April 2023, the United Kingdom’s Information Commissioner’s Office fined TikTok nearly £13 million for multiple breaches of UK data protection law. The investigation found TikTok had insufficient safeguards to protect children and improperly handled their personal data.
These repeated security incidents indicate TikTok has struggled to adequately protect user data. Their security practices appear lacking compared to large social media platforms. TikTok will need to strengthen data protections and transparency around security to gain user trust.
How TikTok Uses Data
Like many social media platforms, TikTok monetizes user data primarily through targeted advertising. The data TikTok collects allows them to build detailed user profiles and serve users ads that align with their interests, demographics, and online behavior. This enables TikTok to generate significant revenue from ads.
Some critics argue TikTok exploits user data irresponsibly. For example, TikTok has faced scrutiny for how it handles data from younger users. There are concerns that children may not understand the extent of data collection when using the app. TikTok has introduced some safeguards, like preventing advertisers from targeting ads based on the data of users under 16. However, many privacy advocates believe TikTok should do more to protect minors’ data.
Additionally, the depth of data collected by TikTok raises responsible use concerns. The app gathers a vast array of user information, from locations visited to messages exchanged. While such extensive data enables incredibly targeted advertising, it also provides significant insights into users’ private lives. Some experts accuse TikTok of invasive “surveillance advertising” practices.
In response, TikTok claims it takes privacy seriously and uses data ethically. They state user data improves the app experience and note their practices follow industry standards. However, many privacy groups counter that TikTok remains far more opaque than competitors regarding data use. Overall, a lack of transparency continues to raise responsible use questions.
Protecting Your Privacy on TikTok
There are several steps TikTok users can take to better protect their privacy on the platform:
Make your account private. In your profile settings, toggle your account to “Private” so only approved followers can view your videos. This prevents random strangers from accessing your content (source).
Be cautious about sharing personal information. Avoid revealing your real name, birthday, location, school, workplace, and other private details in your bio or videos.
Review privacy settings. In the app settings, limit features like “Suggest your account to others”, disable location sharing, and turn off analytic data collection (source).
Don’t overshare. Carefully consider if you really want to post a video publicly before tapping upload. What seems harmless now could be embarrassing later.
Use strong passwords and enable two-factor authentication. This makes it harder for hackers to access your account.
Be wary of links and profile visits. Interacting with suspicious accounts or content could expose you to scams, spam, or malware.
Regularly review privacy settings. TikTok frequently updates features, so revisit settings to ensure they align with your comfort level.
Overall, approach TikTok sharing with the same caution you would on any social media site. Adjust settings conservatively, avoid oversharing personal details, and think twice before posting videos publicly.
Conclusion
Based on the evidence presented, it remains unclear whether TikTok definitively “steals” personal data. As a social media platform owned by a Chinese company, TikTok undeniably collects large amounts of user data including browsing information, location, messages, contacts, and more. They likely share some aggregated or anonymized data with their parent company ByteDance. However, there is no hard evidence that TikTok sends personal user data directly to the Chinese government.
Much of the concern stems from China’s broad data surveillance laws that could potentially compel TikTok to share data in the future. TikTok claims they store international user data outside of China and would not comply with any requests to share it with the Chinese government. But their vagueness on details raises questions.
In conclusion, while TikTok’s data collection practices deserve close scrutiny and concern, there is currently no direct evidence that TikTok is “stealing” or misusing personal user data beyond standard practices for digital platforms. However, their potential compliance with Chinese laws remains an issue worth monitoring as political tensions continue rising.
