TikTok has become one of the world’s most popular social media platforms, with over 1 billion monthly active users as of 2022. However, as the app has grown, so have concerns around data privacy and security. Recently, TikTok rolled out an updated privacy policy aiming to provide users more transparency and control.
The changes come amid heightened scrutiny over how TikTok collects, uses, shares and secures user data. With over 1.7 billion registered users, TikTok holds an immense amount of personal information. Critics argue its data practices have been opaque and its ties to its parent company ByteDance in China raise national security risks.
In response, TikTok has looked to ease concerns by updating its privacy policy to be more detailed, while also giving users additional options to manage their data. This article will provide an overview of the key changes and what they mean for users.
What’s Changed in the New Policy
TikTok updated its privacy policy on January 2, 2024, with several notable changes from the previous version (TikTok, 2024). The key differences involve expanded data collection and changes to how TikTok uses, stores, and shares user data.
Under the new policy, TikTok collects more types of data from users. This includes expanded device information like WiFi network names and email addresses linked to users’ accounts. TikTok also now stores data like draft videos not posted, messages typed but not sent, and information about how users interact with content.
Regarding data usage, TikTok now analyzes user content to recommend new accounts to follow. The company also uses data to customize content like ads based on recent device activity. As for data sharing, TikTok can now share aggregate data like general location and age demographics with business partners.
In summary, TikTok’s updated privacy policy allows the platform to gather more user data from devices and interactions. It also enables broader usage for recommendations and ads. Finally, the new policy permits expanded data sharing with third-party partners.
Data Collection
TikTok collects a wide range of data on its users, including personal information, device information, network activity, location information, and more. According to TikTok’s updated privacy policy, some of the key data types collected include:
Personal information like name, email address, phone number, and birthdate when users sign up for an account. TikTok also collects profile data like username, profile photo, and user-generated content.
Device information like IP address, device ID, operating system, hardware and software versions, network type, and browser type. This allows TikTok to identify users across devices.
Network activity data including information about a user’s browsing history, search history, and interactions with other apps and websites. TikTok is able to track user activity when the app is open or running in the background.
Precise location information from GPS, Wi-Fi networks, and cell towers. TikTok collects location data to provide geographically relevant content and features.
Usage information like videos watched, content searched or viewed, comments made, ads interacted with, and more. This allows TikTok to understand user interests and habits on the platform.
Much of this data collection happens through the use of cookies, pixel tags, and similar tracking technologies that operate in the background even when users are not using the app.
Sources: https://pirg.org/articles/demystifying-tiktok-data/, https://www.tiktok.com/legal/privacy-policy-row
Data Usage
TikTok uses the data it collects from users primarily for targeted advertising and content recommendations. According to research, TikTok uses around 840MB (just under 1GB) of data per hour of usage [1]. This data allows TikTok to build detailed user profiles and interests, which inform which ads and videos are shown to each user.
When you watch videos on TikTok, the app collects information about what types of videos you engage with, how long you watch them, and your interactions. TikTok feeds this data into its recommendation algorithm to serve you more of the content it thinks you will enjoy. The more you use TikTok, the more data it can collect to refine recommendations.
TikTok also allows advertisers to target users based on their interests, demographics, behavior on the app, and more. By serving users targeted ads, TikTok aims to show more relevant advertising to each user. The data TikTok gathers about each user, such as their likes, shopping habits, and location, informs which ads they see.
Data Storage
TikTok stores user data on servers in Singapore and the United States, with backup redundancy across multiple AWS availability zones (source: https://www.reddit.com/r/Tiktokhelp/comments/lrxuds/tiktok_taking_up_half_my_storage/). Data localization laws require TikTok to store Indian user data locally in India (source: https://www.wikihow.com/Why-Does-Tiktok-Take-Up-So-Much-Storage). The app downloads and caches videos you watch locally on your device, which can take up significant storage space if not cleared regularly (source: https://www.dexerto.com/entertainment/tiktok-storage-free-up-space-1775839/).
Data Sharing
TikTok may share users’ personal data with third parties and government entities in certain circumstances. According to TikTok’s updated privacy policy, the company may share information with service providers, suppliers, and partners to assist in providing and optimizing the platform. This includes sharing data with advertisers and measurement partners for advertising and analytics purposes. TikTok’s privacy policy states that the company only shares the minimum amount of data needed and requires third parties to keep the data secure.
TikTok also discloses user information in response to legal requests from government authorities and law enforcement agencies. According to TikTok’s latest transparency report, the company received over 125 government data requests in 2021, the majority coming from authorities in the US. TikTok states that it scrutinizes each government request to ensure it has a lawful basis and only provides the limited data required. However, privacy advocates have raised concerns that TikTok’s data could be accessed by authorities in China, where its parent company ByteDance is based.
User Controls
TikTok allows users under 18 to control aspects of their privacy and security. As outlined in their support article Teen privacy and safety settings | TikTok Help Center, accounts for users under 18 are private by default, meaning only approved followers can view their content. Users can manage their privacy settings by tapping “Privacy” under Settings, which allows them to toggle options like:
- Allowing others to find you using your phone number or email address
- Allowing others to view your likes and following lists
- Allowing others to comment on your content
- Allowing others to duet with your videos
Users can also enable Restricted Mode, which limits the appearance of potentially inappropriate content. Parents can link their TikTok account to their child’s to enable additional parental controls.
Additionally, users can choose whether to make their account public or private at any time by going to Privacy settings and toggling “Private Account” on or off, as explained in TikTok’s article Choosing between a private or public account. With a private account, users have the option to approve or deny each new follower request.
In summary, TikTok provides users under 18 with customizable privacy settings and the ability to opt-out of certain types of visibility or engagement through their account controls.
Child Safety
TikTok takes child safety very seriously and has implemented measures to protect younger users. The app complies with the Children’s Online Privacy Protection Act (COPPA), which requires parental consent for apps to collect personal data from children under 13 years old.
For users under 18, TikTok enables stricter privacy and safety settings by default. Their accounts are set to private automatically so only approved followers can view their content. Direct messaging is also disabled to prevent unwanted contact from strangers. Additionally, safety mode is turned on to limit the appearance of potentially inappropriate content.
TikTok also recommends parents make use of their “Family Pairing” feature, which allows parents to customize settings and restrictions for their child’s account. Parents can control things like screen time limits, restricted modes, and direct messaging. This gives extra assurance that kids are protected when using TikTok.
For more details, see TikTok’s guide for parents and guardians at https://www.tiktok.com/safety/en/guardians-guide/.
Security Measures
TikTok takes several steps to protect user data and prevent security breaches, hacking, and unauthorized access according to their updated privacy policy (<1)[https://www.tiktok.com/community-guidelines/en/privacy-security/?enter_method=left_navigation].
They use encryption to protect user data in storage and in transit. This makes it difficult for hackers to access user information (<2)[https://usa.kaspersky.com/resource-center/preemptive-safety/is-tiktok-safe]. TikTok also has internal controls to limit employee access to user data based on legitimate business needs.
While some security experts note TikTok lacks two-factor authentication (<3)[https://usa.kaspersky.com/resource-center/preemptive-safety/is-tiktok-safe], the app does have safeguards in place to protect against breaches and unauthorized access. TikTok states they have dedicated teams that work to combat hacking, phishing, spam, and other cybersecurity threats.
Conclusion
In summary, the new privacy policy contains some key changes to how TikTok handles user data, including controls for users to opt out of data collection in certain instances and clarifying how user data will be shared with third parties. However, the policy remains complex and lacks transparency in areas. Users should carefully review the new settings to opt out where desired.
The policy appears to be a step in the right direction, but concerns remain around data practices, child safety, and the influence of ByteDance ownership. Additional improvements to simplify terms, increase transparency, and strengthen safeguards for minors would further address privacy and security concerns with TikTok’s platform. While the policy aims to provide users more control, TikTok should continue working to build user trust through enhanced privacy protections.