2023: Tik Tok Raise Awareness Year
In 2022, TikTok emerged as the most popular mobile application with over 1 billion active users spread across 154 countries. However, as of March 20, 2023, the European Union has decided to suspend the use of TikTok on corporate devices due to cybersecurity concerns, which was mainly motivated by data protection and collection issues by third parties.
Other states, including Denmark, Canada, the Netherlands, and the United States, have also banned government workers from using TikTok on their devices. The app's ban has sparked discussions about the cybersecurity of international and government institutions regarding the types of applications allowed in their countries. In 2020, private companies like Amazon instructed their employees to remove TikTok from their work devices, and India banned the app in the same year. Recently, the Czech Republic has also expressed concerns about the security risks associated with the app. The primary concerns of Western countries and their institutions are related to privacy violations, espionage, and the lack of control over how the app utilizes the data it collects.
TikTok and user data
To use TikTok, every user is required to grant authorization for the application to access the device's key features such as the camera, microphone, and location. The authorization provides TikTok with the ability to collect information about the user's face, voice, IP address, and approximate location. Furthermore, it also records keyboard movements and tracks the content that a person views.
The in-app browser, which is integrated into the TikTok app and pops up when a user clicks on an external link, can track every keystroke made by the user. This enables the collection of information about what users type on their phones while visiting external websites. Such information can include sensitive data like credit card numbers and passwords. This practice is typically associated with malware and other hacking tools, and it raises significant cybersecurity concerns.
Governments remain concerned
TikTok, which is owned by the Chinese company ByteDance, has been accused of harvesting user data. The Chinese National Intelligence Law, which came into force in 2017, grants the Chinese government sweeping powers to compel Chinese citizens and companies to collaborate with intelligence-gathering operations. Critics argue that the law could be used to force Chinese companies to disclose sensitive data or intellectual property to the government, potentially jeopardizing the privacy and security of individuals and organizations.
Under the law, the Chinese government has the legal right to demand ByteDance to provide any user information to which it has access. As all data stored within China can be shared with the Chinese government for intelligence purposes, it is reasonable to assume that specific and aggregated user data can be consolidated and shared with the Chinese government.
When installed on the private devices of senior officials or military personnel, TikTok thus may provide the Chinese government access to sensitive data. Combined with widespread concerns of the app breaching users' privacy, governments around the world have taken significant steps to prohibit the use of the application on phones.
The Data Protection Commission, an Irish watchdog that regulates applications like TikTok for the European Union, has launched an investigation. The investigation is focused on the "transfers by TikTok of personal data to China and TikTok's compliance with the GDPR's requirements for transfers of personal data to third countries." The GDPR, or General Data Protection Regulation, is a European Union regulation designed to protect the privacy of individuals within the EU. It establishes strict rules for the collection, processing, and storage of personal data.
Given the concerns surrounding the data breach, the investigation into TikTok's compliance with the GDPR is a significant step towards protecting the privacy of TikTok's users. The outcome of the investigation could have far-reaching implications for the app and its users. Despite the allegations of data harvesting, TikTok has consistently denied any wrongdoing and has emphasized its commitment to the security and privacy of its users. The company has also made it clear that it is dedicated to transparency and cooperation with regulators and law enforcement authorities.
In an effort to address these concerns , Shou Zi Chew, the CEO of TikTok, recently met with Vice President for Values and Transparency Věra Jourová. Jourová stated: “I count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining the trust of European regulators. There cannot be any doubt that data of users in Europe are safe and not exposed to illegal access from third-country authorities”.
In addition to its efforts to reassure regulators and users, TikTok is also operating in a changing regulatory landscape. The European Union is in the process of implementing the Digital Services Act, which is designed to create a safer digital space where the fundamental rights of all users of digital services are protected. By complying with these regulations, TikTok can demonstrate its commitment to data protection and privacy, and continue to build trust with its users and regulators alike.
Can we trust TikTok?
China's history of systematic data misuse has raised concerns among several governments regarding TikTok. Currently, the responsibility for allowing the app to track and review user data primarily lies with the users themselves. However, there are questions regarding the level of user awareness, especially among TikTok users who primarily consist of younger generations under the age of 18. According to GLOBSEC Trends 2022, citizens of CEE countries demonstrate minimal awareness concerning possible threats coming from China, averaging at 29%. Among young people aged 18-24, the perception of China as a threat was at 35%.
Therefore, in addition to considering banning the app from government devices, governments should also invest in raising awareness about data protection and security among users. The effort should concentrate on the most vulnerable groups in society, such as primary age groups using these applications and civil servants. It is crucial to take action to protect privacy and data by reading the terms and conditions of any app and adjusting privacy settings accordingly.
Junior Research Fellow, Centre for Democracy & Resilience