We’ve all been there. We install the latest and hip new cell phone application, and right after it opens for the first time, a 20 page privacy policy appears. In our excitement, we promptly close the window and don’t read the policy. Maybe we should start reading these policies.
It shouldn’t come as a surprise, but mobile application and technology companies are collecting vast quantities of user data. These privacy policies lay out what a company is collecting and how they use the data they collect on people.
I’ve been curious about TikTok’s privacy policy lately and decided to take a deep dive. For those who are unaware, TikTok is the latest application to engage billions of people each day. The application allows users to view and create an infinite supply of short videos and uses an aggressive algorithm that specifically personalizes and targets content for users.
tiktok’s Privacy Policy
TikTok’s 3200-word privacy policy illustrates the company’s strategy for collecting data. The app collects an abundance of information from its users, including images, text, video, audio, usage data, location data, and messages sent through the app. The app also retains keystrokes, rhythms, keypad entries, IP addresses, file names on the device, and the battery status of the app. TikTok also collects information from third-party applications such as Facebook, Instagram, or Twitter and learns how you use those applications as well.
If you choose to link or sign up using a third-party social network or login service (such as Facebook, Twitter, Instagram, or Google), we may collect information from these services, including your contact lists for these services and information relating to your use of the Platform in relation to these services. If you link your TikTok account to another service, we may receive information about your use of that service.
Excerpt from TikTok’s Privacy Policy
How data is used
I’m sure many people assume TikTok exists as a form of entertainment, a simple, fun, and innocent application. I’d also believe many might overlook what TikTok is doing. TikTok collects user data for other purposes. According to their privacy policy, it indicates the motive of the application, makes money, specifically engages users with personalized content, and provides relevant advertisements for the companies paying TikTok for their services. The privacy policy includes:
- To customize the content you see when you use the Platform.
- To send promotional materials from us or on behalf of our affiliates and trusted third parties
- To measure and understand the effectiveness of the advertising we serve to you and others and to deliver advertising
- To make suggestions and provide a customized ad experience
- To use User Content as part of our advertising and marketing campaigns to promote the Platform
- To understand how you use the Platform, including across your devices
- Consistent with your permissions, to provide you with location-based services, such as advertising and other personalized content
- To inform our algorithms
- To facilitate sales, promotion, and purchases of goods and services and to provide user support
Alarming Data collection
While it’s discomforting to see TikTok’s privacy policy in plain text, some practices alarm me further. The first is TikTok’s collection of biometric identifiers such as faceprints and voiceprints. The privacy policy does not delve deep into what these terms mean, and we can assume the app is collecting scans of people’s faces when they use a special facial or voice filter. It begs the question, what could TikTok’s parent company ByteDance be doing with all the biometric data they are collecting?
We may collect biometric identifiers and biometric information as defined under US laws, such as faceprints and voiceprints, from your User Content. Where required by law, we will seek any required permissions from you prior to any such collection.
Excerpt from TikTok’s Privacy Policy
The statement above is vague and does not identify which US laws they mention. Is the company referring to federal, state, or local laws? Only five US states have enacted biometric laws, Washington, Illinois, Texas, Virginia, and New York, and it’s unclear how TikTok is collecting this type of data.
Sharing information with coporate offices
In addition, TikTok tells users they do not sell their data but are sharing it with “service providers and business partners to help us perform business operations and for business purposes…” The company further adds that the data shares with “Advertising, marketing, and analytics vendors.” They do not clarify who these companies are and what they do with the information they receive from TikTok.
I’m also concerned to see that TikTok shares the data they collect with their corporate office group, ByteDance, a Chinese company that owns and runs many other platforms. It’s unclear what the parent company does with the data shared with them and stores user data in centers in California and Singapore. I’m also wary that ByteDance might have connections to the Chinese government, and who knows how the Chinese government uses the information they collect from users across the world.
I recognize American’s generally distrust the Chinese government, largely thanks to former President Trump’s stance on TikTok and attempting to ban the social media app from the United States.
After viewing the privacy policy, I have to ask myself how many people read these? I wonder if people read these privacy policies, how many users would continue to use the app? I can only assume that tech companies don’t want people to read these policies, which explains hiding policies in lengthy documents.
