TikTok collects information about how you consume its content, from the device you use to how long you watch a post and which categories you like, and uses this information to fine-tune the algorithm for the app’s main feed. For anyone familiar with how platforms like Facebook, Instagram and Google work – or who has read Shoshana Zuboff’s The Age of Surveillance Capitalism – this collection of data is not revelatory. However, when it comes to TikTok, the question that concerns many politicians and skeptics is where this data goes. More specifically: does all this information end up being accessible by the Chinese state? Owned by Chinese company ByteDance, TikTok’s success – more than 1 billion users worldwide – has combined with entrenched fears about the social media’s data collection practices and concerns about China’s geopolitical ambitions to create an undercurrent of mistrust of the app. “As the geopolitical situation changes, I suspect we’ll see companies like TikTok continue to be treated with some caution in the West,” says Alan Woodward, professor of cyber security at the University of Surrey. Distrust has already come under scrutiny from regulators and politicians around the world, who are concerned about the amount of data TikTok collects and whether Chinese authorities have access to it. In the US, Donald Trump in August 2020 signed an executive order preventing users from downloading the app, which followed an order for TikTok to sell its US business. The order issued on August 6, 2020 stated: “TikTok automatically captures vast swathes of information from its users, including information about Internet and other network activities, such as location data and browsing and search histories. This data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.” This, the order claimed, paves the way for China to monitor the locations of government officials, create racketeering dossiers and conduct corporate espionage. The orders were never implemented due to legal challenges, and Trump subsequently left office. Trump’s successor, Joe Biden, rescinded the orders and instead asked the U.S. Commerce Department to work with other agencies to produce recommendations to protect the data of people in the U.S. from foreign adversaries. The US Committee on Foreign Investment, which scrutinizes business deals with non-US companies, is also conducting a security audit of TikTok. Lawmakers on both sides of the aisle have called in recent months for tighter regulation and investigation. In India, where TikTok had more than 200 million users, the government in September 2020 banned the platform and dozens of other Chinese apps after warning that user data was being mined and profiles created “by elements hostile to its national security and defense of India”. In Ireland, the data protection watchdog, which regulates TikTok on behalf of the EU, in September 2021 launched an investigation into “TikTok’s transfers of personal data to China and TikTok’s compliance with GDPR requirements for transfers of personal data to third countries”. And the British parliament shut down its TikTok account this August after a lobbying campaign by conservative politicians, including former Tory leader Iain Duncan Smith and recent leadership candidate Tom Tugendhat. In a letter to the speakers of the House of Commons and Lords, the politicians claimed that “the data security risks associated with the app are significant”. They also claimed that data from the UK, where the app has around 18 million users, was “regularly transferred to China”. TikTok’s use of data has also been the subject of several news investigations, including a report by BuzzFeed in June that, based on leaked recordings of internal TikTok meetings, said employees of China-based ByteDance had access to non-public user data US TikTok. In a recording, a member of TikTok’s trust and safety department said that “everything looks in China,” according to BuzzFeed. In our opinion, based on detailed analysis, TikTok collects much more data than WeChat. Their aggressive way of continuously requesting access to contacts after a user decides not to share contacts is unusual David Robinson, co-CEO of Internet 2.0 Separately, Forbes reported in October that a China-based team at ByteDance planned to track two American citizens through TikTok’s location data collection. Last week, TikTok clarified to its European users that in some cases, for example, to check the operation of algorithms or for security reasons, employees based in China can access their data. Earlier this year, it acknowledged similar access to US user data. However, experts and analysts differ in their assessments of the TikTok data issue. Just weeks after British lawmakers voiced their concern, the director of Britain’s GCHQ spy agency, Jeremy Fleming, said he would encourage young people to use TikTok. This reflects a view by the British security establishment that the app is not problematic because it does not process data in China. In July, an American-Australian cybersecurity firm, Internet 2.0, published a report saying data collection in the app was “too intrusive” and pointed to a connection in the app to a server in mainland China run by Guizhou BaishanCloud Technology Co. Ltd. The report said that the data that TikTok can access on your phone includes the device’s location, calendar, contacts and other running apps. TikTok’s approach to data collection is more aggressive than WeChat, the Chinese super app that performs multiple functions from messaging to transportation, according to David Robinson, co-CEO of Internet 2.0. “In our opinion, based on detailed analysis, TikTok collects much more data than WeChat. Their aggressive way of continuously requesting access to contacts after a user decides not to share contacts is unusual,” he says. However, last year a study by the University of Toronto’s Citizen Lab found that the app did not exhibit “overtly malicious behavior” in terms of data collection, and its use of ad and user activity tracking software was “not exceptional compared to industry standards.” . TikTok has disputed both accusations that it collects more data than other social media companies and that Chinese authorities could access data from its users. TikTok says its use of data is in line with industry practices and helps the app function properly and operate securely, as well as give users more of what they want. A spokesperson adds: “the TikTok app is not unique in the amount of information it collects.” The company says its data is not stored in China, but in the US – where US user data is routed through cloud infrastructure operated by US company Oracle – and Singapore, and that it plans to start storing European user data in Ireland the following year. “Since we began transparency reporting in 2019, we have received zero data requests from the Chinese government,” added a TikTok spokesperson. The company denied it was being used to “target” US citizens in the wake of the Forbes report. In response to the BuzzFeed report, Shanahan said the company has been open about its efforts to limit employee access to US user data, and the BuzzFeed News report shows TikTok is “doing what it said it would do.” . Referring to the claim of the Chinese server by Internet 2.0, a TikTok representative said that the IP address mentioned in the report is located in Singapore and the network traffic does not leave the region. TikTok insists the app is independent. “TikTok is an independent platform, with its own leadership team, including a CEO based in Singapore, a COO based in the US and a Global Head of Trust & Safety based in Ireland,” it says. Woodward says that even if there is no evidence that TikTok is doing anything with user data beyond what is done by the other major social media platforms, China’s behind-the-scenes presence will remain hard for skeptics to shake. “The Chinese government’s pervasive but secretive approach to surveillance means that those who don’t trust them don’t believe that the lack of evidence is evidence that they aren’t using data from TikTok.” He says significant doubt is created by China’s 2017 National Intelligence Law, which states that all organizations and citizens will “support, assist and cooperate” in national intelligence efforts. Woodward says: “I’m sure many companies and individuals feel strongly that they would never provide customer data to the Chinese state, but how could they resist: the law is absolute and the government is not shy about punishing those who fail to comply .” “It’s less about TikTok and more about the Chinese Communist Party,” said James Lewis, senior vice president at the Center for Strategic and International Studies, a US think tank. “The CCP is ruthless and opportunistic when it comes to espionage, so distrust is more than justified.” “Social media pages are a great source of personal details” for spy agencies, Lewis says, adding that intelligence is now a “big data” game. For others, the data is less troubling than the platform’s potential to manipulate opinion. Matt Schrader, China adviser at the International Republican Institute, a nonprofit organization, says the data issue is a “sideshow.” He adds: “I’m much less concerned about political manipulation on the platform. It’s hard to detect and there’s limited evidence of its presence, but I’m concerned because the potential for groundbreaking, widespread…
