TikTok has seen explosive growth since launching in 2016. By mid-2023, it reached over 1 billion monthly active users worldwide (1). Over 140 million of those users are located in the United States (2). The app’s growth has outpaced other major social platforms like Facebook, Instagram, and Snapchat over the last few years (3).
TikTok’s meteoric rise has not been without controversy. There are mounting concerns about how the company collects, uses, and secures user data. TikTok is owned by ByteDance, a Chinese company that is subject to data sharing laws in China. This has led to accusations that TikTok sends data to the Chinese government (4). There are also worries that the app’s algorithms can promote harmful content to vulnerable users (5).
In light of these issues, some governments have taken action against TikTok. India banned the app in 2020 over data privacy concerns (6). The US government has considered banning TikTok as well, though no action has been taken yet. Understanding how TikTok handles user data is an important topic given the app’s popularity.
(1) https://www.businessofapps.com/data/tik-tok-statistics/
(2) https://backlinko.com/tiktok-users
(3) https://www.statista.com/topics/6077/tiktok/
(4) [General knowledge]
(5) [General knowledge]
(6) [General knowledge]
What data does TikTok collect?
TikTok collects a substantial amount of data from its users, including:
User profile information – This includes your username, profile photo, bio, contacts, and any other information you add to your TikTok profile. According to TikTok’s privacy policy, they may collect your email address, phone number, and age as well.1
User generated content – All the videos, comments, messages, and other content you post on TikTok is stored by the platform.2 This content is used to personalize your feed and serve you tailored ads.
Device and usage data – TikTok collects data on the devices you use to access the app, including device model, operating system, unique identifiers, mobile network information, and settings. It also tracks how you interact with the app.
Location data – TikTok accesses your location based on your SIM card, IP address, and GPS (if enabled) to serve localized content and ads.1
Metadata – This includes information like the time, duration, and other details about your activities on TikTok.3
How does TikTok use the collected data?
TikTok uses the data it collects for various purposes including personalized recommendations, targeted advertising, improving user experience, and profiting from data.
Personalized recommendations: TikTok’s algorithm analyzes user data like interests, watch history, likes, comments, and more to recommend personalized content to each user. By understanding user preferences, TikTok can serve content it predicts users will enjoy watching and engage with (https://dot.la/what-data-does-tiktok-collect-2657689460.html).
Targeted advertising: Data collected is used by TikTok to build detailed user profiles and enable advertisers to target users with tailored ads based on their interests, location, demographics, behavior on the app, and more. The more data TikTok gathers, the more ads can be personalized and optimized for relevance.
Improve user experience: Usage data provides insights that help TikTok understand how people use the app and what features or changes can enhance the user experience. This continual improvement aims to keep users engaged.
Profit from data: User data is monetized directly through targeted advertising and indirectly by improving TikTok’s services. Data collection and analysis is a major part of TikTok’s business model and revenues. TikTok may also profit by sharing or selling data with affiliates, partners, or third parties.
TikTok’s privacy policies
TikTok’s privacy policy outlines how the company collects, uses, shares, and processes users’ personal information (https://www.tiktok.com/legal/privacy-policy-row). The key points are:
– TikTok collects information like username, device data, location data, and content users provide such as videos, comments, and messages (https://www.tiktok.com/legal/page/row/privacy-policy/en).
– User data may be shared with third parties like advertising partners, service providers, affiliates, and in compliance with legal requirements (https://www.tiktok.com/legal/privacy-policy-row).
– Users have some control through privacy settings to limit data collection and sharing, but options are limited compared to other platforms (https://www.tiktok.com/community-guidelines/en/privacy-security/?enter_method=left_navigation).
Overall, TikTok’s privacy policy is broad in what data it collects from users, with whom it shares that data, and the limited controls users have.
How secure is TikTok’s data and infrastructure?
TikTok utilizes encryption methods to help protect user data. According to TikTok’s website, user data is encrypted in transit using TLS (transport layer security) and at rest using AES-256 encryption1. The company states they employ physical and digital security measures like access controls, firewalls, and intrusion detection systems to help protect their data centers1.
However, some security experts have pointed out potential vulnerabilities in TikTok’s infrastructure. A 2021 report noted weaknesses in TikTok’s source code that could potentially enable malicious actors to manipulate content or access user data2. Additionally, because TikTok is owned by a Chinese company, ByteDance, there are concerns that the Chinese government could pressure the company to provide access to TikTok user data3. TikTok maintains that it stores U.S. user data outside of China and would not provide data to the Chinese government if requested.
Notable controversies
TikTok has faced various controversies regarding data privacy and content moderation. In 2019, TikTok was fined $5.7 million by the U.S. Federal Trade Commission for illegally collecting personal information from children under age 13 without parental consent, in violation of the Children’s Online Privacy Protection Act (Why Countries Are Trying to Ban TikTok).
TikTok has also faced accusations of censoring content that is critical of China or the Chinese Communist Party. In September 2020, TikTok issued a public apology and said it would improve content moderation policies after allegations it censored topics considered politically sensitive by the Chinese government (Controversial Topics).
There are also ongoing national security concerns about TikTok’s Chinese ownership and the potential for user data to be accessed by the Chinese government. In 2020, former President Trump signed an executive order to ban TikTok unless it was sold to a U.S. company. While the Biden administration revoked that order, there are still bipartisan concerns about the risks posed by TikTok’s data collection and China ties.
How TikTok compares to other social media
When it comes to data collection practices, TikTok gathers a similar amount of user data as platforms like Facebook and Instagram. However, some researchers argue TikTok collects even more data in certain areas. A 2020 study by Privacy One found that TikTok accessed the clipboard content of iOS users over 1,000 times in a single day, more than applications like Instagram and Facebook which accessed clipboard data around 100-400 times per day. So there are some indications TikTok may gather more user data than competitors in areas like clipboard snooping, though the overall data collection is comparable to Facebook and others (1).
In terms of transparency around data usage, TikTok has received criticism for not being as upfront as other platforms. Their privacy policy is vague in areas and they only released their first transparency report in 2021, years after Facebook and Twitter published such reports. There are concerns that TikTok does not adequately disclose to users how data may be used or shared (2). However, some researchers argue their transparency is similar to competitors at this stage (3).
When it comes to government scrutiny, TikTok has faced more pressure from U.S. lawmakers and officials than platforms like Facebook and Twitter. Citing national security concerns, there have been various proposals to restrict TikTok’s operations in the U.S. or ban it entirely. Comparatively, Facebook has not been subject to the same level of government pressure despite its own data privacy controversies. Though it’s unclear whether the scrutiny of TikTok is fully warranted or if geopolitical factors also play a role (4).
(1) https://www.cnbc.com/2022/02/08/tiktok-shares-your-data-more-than-any-other-social-media-app-study.html
(2) https://www.usatoday.com/story/tech/2020/08/06/tiktok-any-worse-privacy-and-data-mining-than-facebook/3311726001/
(3) https://pirg.org/articles/demystifying-tiktok-data/
Protecting your privacy on TikTok
TikTok offers several privacy settings to help protect users’ data. In the app’s Settings, users can make their account private, limit who can see their videos, and restrict comments. TikTok’s “Family Pairing” feature also allows parents to monitor their teen’s TikTok activity and enable Restricted Mode.
Users should also be cautious about sharing personal information in their profile or videos that could identify or locate them. Using an alias or nickname rather than your real name can help maintain anonymity. Turning off TikTok’s location tagging and geotagging features will also prevent your videos from being associated with a particular location.
For enhanced protection, experts recommend using a trusted virtual private network (VPN) when accessing TikTok. A VPN routes your traffic through an encrypted tunnel, hiding your IP address and location. This prevents TikTok from linking your usage history and protecting against potential data collection or security risks.
The future of TikTok and data privacy
TikTok has been working to expand transparency around its data collection and security practices in response to heightened regulatory scrutiny. In January 2023, TikTok announced new efforts to keep U.S. user data secure, including establishing a separate U.S.-based entity called TikTok US Data Security (USDS) to oversee data management (https://newsroom.tiktok.com/en-us/data-privacy-day-2023). TikTok claims this will add additional protections for U.S. user data beyond what other companies currently provide.
However, TikTok continues to face regulatory pressure. In December 2022, Congress banned TikTok from most U.S. government devices over national security concerns related to its Chinese parent company ByteDance. Several U.S. states have enacted bans restricting TikTok’s use on government devices as well. The FCC also plans to take action against TikTok for alleged violations of U.S. national security and data privacy laws.
As debates continue over restricting TikTok’s access to U.S. user data, it highlights the importance of user awareness around privacy settings and controlling what information is shared. While TikTok states it collects standard data needed to operate its services, users should understand how their information may be used or accessed. Checking and adjusting TikTok’s privacy settings can help users tailor their experience and data sharing preferences.
Conclusion
In summary, TikTok collects a substantial amount of data from its users, including profile information, content viewed, device data, location information, and more. This data is used by TikTok and its parent company ByteDance for advertising purposes and algorithmic recommendations. While TikTok’s privacy policies claim to keep data secure, the app has faced scrutiny over potential data privacy issues and security flaws.
There are still open questions about how secure TikTok’s data infrastructure truly is, especially given geopolitical tensions. Users should be aware of the extensive amount of personal data TikTok can access and potentially share. Those concerned with privacy may want to limit sharing certain information, use security tools, or avoid the platform altogether. However, TikTok’s popularity shows no signs of waning. As the app continues to grow, pressure will likely increase for more transparency and accountability when it comes to safeguarding user data.