One of the most popular video-sharing application Tik Tok, is accused of multiple data breaches.
BEUC (The European Consumer Organisation) filed a complaint against the social media platform on the 16th of February 2021, and published a report presenting an analysis of Tik Tok’s Privacy Policies.
The first aspect presented by BEUC is the privacy and data protection policies, which the company has repeatedly changed without providing the users with clear information and accessibility regarding the geographical scope, language, and the differences between the versions of the policies.
The last update of their Privacy Policy was in July 2020, however Tik Tok does not provide any archive of older policies which makes the evaluation of their GDPR (General Data Protection Regulation) compliance more difficult.
‘’It should be emphasised that improvements over time do not excuse breaches of data protection rules in previous policies and practices.’’
Regarding the data protection principles, it seems that Tik Tok fails to demonstrate in a systematic and exclusive manner for what purposes and under what lawful ground the personal data will be processed for, misleading the users who are no longer able to exercise their rights.
Moreover, the video-sharing social networking collects personal data even from people who do not want to create an account, without providing clear information about what lawful ground will be used for processing.
‘’Technical information we collect about you. We collect certain information from you when you use the Platform including when you are using the app without an account. Such information includes your IP, address, instance IDs (which allow us to determine which devices to deliver messages to), mobile carrier, time zone settings, identifier for advertising purposes and the version of the app you are using. We will also collect information regarding the device you are using to access the Platform such as the model of your device, the device system, network type, device ID, your screen resolution and operating system, audio settings and connected audio devices. Where you log-in from multiple devices, we will be able to use your profile information to identify your activity across devices.’’
BEUC also demands the authorities for a thorough investigation of the consent Tik Tok requires for targeted advertising. The organisation brings several arguments on how the Platform obtains the consent illegally.
The consent notice is misleading for data subjects, it does not offer an additional ‘’decline’’ button, users being forced to access ‘’manage in settings’’ to find out more.
Moreover, ‘’ by clicking ‘Accept’, users consent to the personalisation of ads on the basis of app activity and on the basis of data received from third parties in a bundled manner’’.
When they are trying to manage their settings switching on ‘Personalized ads’ automatically switches on ‘’Ads based on data received from partners’’ as well, without being specified who are these partners of Tik Tok, BEUC argues.
The analysis also highlights a lack of special protection for children of Tik Tok app. GDPR places great emphasis on how personal data of individuals under the age of 18 is processed. The accusation becomes very serious as the app is very popular among teenagers.
It remains to be seen what the outcome of the authorities’ investigation will be and what arguments Tik Tok will bring in its defense.
Sovy can help you get compliant and stay compliant using our on-line tools, including:
- Walk through a data mapping exercise and build your data inventory.
- Build all the policies you need under the GDPR, including a privacy policy, data protection policy, and data breach response forms.
- Train your employees with industry-standard eLearning courses.
- Maintain your compliance program in the cloud
- Manage cookie consent and data rights
We also offer advisory services in compliance, governance risk, adverse event and remediation.
Find out how the Sovy GDPR Privacy Essentials can help you or- Get in touch with us for more information.
Source:
https://www.beuc.eu/publications/beuc-x-2021-010_confusing_by_design-a_data_protection_law_analysis_of_tiktok_s_privacy_policy.pdf
