TikTok is one of the world’s most popular apps, with over 1 billion monthly active users. However, concerns around data privacy and national security have put the video-sharing platform under intense scrutiny.
TikTok allows users to create and share short videos, often set to music. The app uses sophisticated artificial intelligence to determine what content to serve each user. But this level of personalization requires collecting vast amounts of data.
In this article, we will examine the key privacy issues plaguing TikTok. These include extensive data harvesting, opaque connections to China, lax protections for children, and various security vulnerabilities. Understanding these problems is important as policymakers consider whether tighter regulation or even a ban is needed to address the risks TikTok poses.
Data Collection
TikTok collects a wide array of data from its users including location information, messages, metadata, search history, and browsing data. As a Washington Post investigation revealed, TikTok gathers data on its users’ interests and contacts to feed content and ads to them. The privacy researcher working with the Post found that TikTok gathers less data than Facebook in some cases, but still collects more data than comparable apps like Snapchat and YouTube (https://pirg.org/articles/demystifying-tiktok-data/).
TikTok’s privacy policy is very broad, allowing the app to collect user content like photos, audio, and videos, as well as device data, location data, and any other information a user chooses to provide. While data collection alone may not be illegal, the breadth of TikTok’s collection paired with limited transparency has raised many concerns (https://www.cnn.com/2023/03/24/tech/tiktok-ban-national-security-hearing/index.html).
China Connections
TikTok is owned by the Chinese company ByteDance, which has raised concerns about data going to China and whether the platform is censoring content. TikTok does have an office in the United States and has claimed that data from American users is stored domestically, but there have been reports that some data may be accessible from China (Censorship by TikTok).
TikTok remains deeply connected to its Chinese ownership. TikTok’s operations are integrated with Douyin, the Chinese version of the app. There are concerns that this integration allows the Chinese government to potentially access data and influence content (Digital platforms like TikTok could help China extend its …).
China heavily censors and controls social media content accessed by its citizens. There are worries TikTok’s Chinese ownership could lead to censorship of content the Chinese government disapproves of (How China takes extreme measures to keep teens off TikTok). TikTok claims it does not remove content based on Chinese government requests, but questions remain.
Children’s Privacy
One major concern with TikTok is its large userbase of minors and potential violations of children’s privacy laws. Despite requiring users to be at least 13 years old, it’s estimated that over one-third of TikTok’s active users are between the ages of 10 and 19. Politico reports that many underage children use the app and provide incorrect ages, allowing them to bypass age restrictions.
This has led to allegations that TikTok violates the U.S. Children’s Online Privacy Protection Act (COPPA) by collecting data from children under 13 without parental consent. In 2019, TikTok paid $5.7 million to settle FTC allegations of COPPA violations. Despite this, critics allege TikTok still does not do enough to protect children’s privacy.
Features like direct messaging also pose risks for minors, allowing inappropriate contact between adults and children. While TikTok has made some changes, many experts argue stronger protections are still needed for underage users.
Security Issues
TikTok has faced criticism over weak encryption and security vulnerabilities that could expose user data. In 2020, researchers discovered issues with TikTok’s SDK that could have allowed hackers to access private user data.
Specifically, TikTok failed to enable SSL certificate validation which left connections between the app and servers unencrypted. This means user data being transmitted could potentially be intercepted and stolen. Additionally, hard-coded API keys were discovered in the TikTok app which could have been exploited to access user accounts and data without proper authorization.
These SDK vulnerabilities highlighted significant weaknesses in TikTok’s encryption and exposed users to potential hacking risks. Though TikTok claimed to have fixed the issues, concerns remain over the app’s security protections, especially given its popularity among children and teens.
Lack of Transparency
One of the biggest concerns with TikTok is its lack of transparency around data practices and privacy policies. TikTok has been criticized for being vague about what user data it collects and how it is used. The company has changed its privacy policies frequently over the years, often without clearly communicating the changes to users. This makes it difficult for users to understand what they are agreeing to. There are also very limited options for users to opt-out of data collection.
In 2020, TikTok updated its privacy policy to enable the sharing of user data with its parent company ByteDance Ltd, sparking additional backlash. While TikTok does have a transparency center on its website, critics argue it does not provide enough specifics on data practices. There is a lack of clarity around what user data gets stored, for how long, and for what purposes.
TikTok claims that data of US users is stored in the US with backups in Singapore. However, the company has provided little evidence to back this up. There are still concerns around Chinese government access to TikTok’s data given the links between ByteDance and China. Experts argue TikTok needs much stronger transparency especially related to storage of biometric data from videos.
Overall, TikTok’s continued lack of transparency around critical data practices remains a major area of concern. Without clear insight into what data gets collected and how it is used, users cannot make fully informed choices. Stronger transparency and giving users control over their data are seen as essential steps for TikTok rebuilding trust.
Calls for Regulation
Governments around the world have expressed growing concerns about the need to regulate TikTok due to various privacy and security issues. In the United States, lawmakers have raised alarms about TikTok’s Chinese parent company ByteDance and the potential for data sharing with the Chinese government. There have been calls to ban TikTok in the US, with some states already imposing restrictions on usage by government employees.
In December 2022, a federal judge in Texas upheld a ban preventing state employees from using TikTok on government devices, finding it to be a “reasonable restriction” given the risks. Other countries like India and Indonesia have temporarily blocked TikTok at various times.
Critics argue that the rapidly growing app needs more regulatory oversight to protect user data and ensure transparency. There are concerns that TikTok’s algorithm can shape influence and public opinion, especially among younger users. While TikTok has responded by emphasizing its security safeguards, many believe governments need to step up regulation of social media platforms like TikTok to address mounting privacy and misinformation issues.
TikTok’s Response
TikTok claims to put user privacy first by implementing extensive safeguards. According to its privacy policy, TikTok states it collects and processes user data according to applicable laws and does not provide foreign governments with access to the data.
TikTok says it has focused on increasing transparency around data security and privacy protections.
The company published its first Transparency Report in 2021 detailing government takedown requests and released regular updates (https://www.tiktok.com/transparency).
In response to concerns, TikTok strengthened default privacy settings for accounts belonging to younger teens in early 2022. Accounts for 13-15 year olds are now set to private by default so only approved followers view content. Direct messaging is disabled, comments are limited to “friends only”, and additional restrictions are placed on what content is shown in feeds.
Protecting Your Privacy
To protect your privacy on TikTok, it’s important to be cautious in what you share and review your app settings. Here are some tips:
Review account settings – Enable “private account” mode so your content is only visible to followers you approve. Restrict messages to “friends only”. Remove your profile photo, bio info, and location.[1]
Be cautious sharing personal info – Don’t provide your real name, birthdate, address or other details in your profile or videos. Don’t film identifiable locations like your school or workplace.[2]
Use privacy-protective practices – Turn off data tracking in settings. Don’t link other social media accounts. Be selective in posting videos and limit your audience. Don’t friend strangers or accept suspicious follower requests.
Conclusion
In this discussion, we’ve examined the key issues around privacy and TikTok. The app’s vast data gathering and ties to China raise grave concerns about how the information is being used and whether US national security could be compromised. Compounding the worries is TikTok’s weak security protections, especially regarding children’s privacy. The company also lacks transparency in disclosing exactly what is collected and how it is used.
While TikTok claims it takes privacy and security seriously, many are unconvinced. Increased regulation and oversight of the app seem warranted, but enacting and enforcing measures poses challenges. Users keen on protecting their information would be wise to adjust privacy settings, avoid sharing sensitive info, and consider deleting the app.
Going forward, TikTok must work to rebuild user trust by enhancing safeguards, improving transparency, and cooperating with regulators. However, given the intrinsic nature of the app and its parent company, the privacy issues may be difficult to resolve fully. This debate will certainly continue as technology, data use, and global relations evolve.