Privacy Policy Digest – TikTok

TikTok

The social video sharing app giant has a tagline of “make your day”.

If you’ve been struggling to find a way to efficiently siphon your personal information (for free) to a tech company based in Beijing, registered in the tax haven Cayman Islands and has sympathised with the Chinese Communist Party, you are in the right place.

TikTok’s Privacy Policy states they collect the following information:

  • Age
  • Username
  • Password
  • Language
  • Email
  • Phone Number
  • Name
  • Social Media Account ‘Information’
  • Profile Image
  • User Generated Content (what you upload)
    • “we collect user content…regardless of whether you choose to save or upload that user content”
  • Clipboard (when / if pasting to the app)
  • Payment Information
  • Names and Numbers of Your Phone Contacts
  • Names and Profiles of Your Social Network Contacts
  • Proof of Identity / Age documentation
  • IP Address
  • Geolocation Data
  • Unique Device Identifiers
  • Browsing and Search History
  • Cookies
  • User Agent
  • Mobile Carrier
  • Time Zone
  • Device Model
  • “Device System”?
  • Network Type
  • “Device IDs”?
  • Screen Resolution
  • Operating System
  • “App and file names and types”
  • Keystroke Patterns or Rhythms
  • Battery State
  • Audio Settings
  • Connected Audio Devices
  • Location via SIM Card
  • Location via IP Address
  • Location via GPS (if you allow it)
  • Your User Content is Analysed to:
    • identify objects and scenery that appear
    • the existence and location within an image of face and body features and attributes
    • “the nature of the audio”
    • the text of the words spoken
  • Biometric identifiers
  • Biometric information
    • faceprints
    • voiceprints
  • Messages are “Scanned and Analysed” for:
    • content of the message
    • when message was sent
    • when message was received
    • when message was read
  • Metadata
    • account name
    • hashtags
  • Cookies
  • Flash Cookies
  • Web Beacons
  • How often you use the platform
  • What adverts you view
  • what videos you watch
  • the users you follow
  • content set as ‘favourite’
  • Based on the above, you gender is inferred
  • Based on the above, your age is inferred

 

Hmm. It’s a start, but I think we need more. Additional organisations are called upon to provide extra information to TikTok about you:

  • 3rd Party Services “Used to Collect Information About You”
    • Advertising Partners
    • Data Providers
    • Analytics Providers
  • “Other Sources”
    • We may collect information about you from other publicly available sources.

But I can still watch the videos, right? Fear not, your videos will merrily flow into your app as your PII merrily chunters out the other end, enabling the relevant parties to provide:

  • Research
  • Payment Processing
  • Transaction Fulfillment
  • Database Maintenance
  • “Technology Services”
  • “Deliveries”
  • Advertising
  • Analytics
  • Measurement
  • Data Storage
  • Hosting Providers
  • Disaster Recovery Providers
  • Search Engine Optimisation
  • Marketing
  • Data Processing

Relax. Your data may or may not be stored on servers residing in Singapore. Only TikTok can view your data. Oh and these folks:

  • Payment processors
  • Customer support
  • Technical support
  • Research providers
  • Cloud providers
  • Advertising vendors
  • Marketing vendors
  • Analytics vendors
  • Parent Company
    • ByteDance
  • Subsidiary Company
  • Affiliate of Corporate Group

Don’t forget! You have rights.

  • You can delete your data
    • it only takes an average of 41 days to do so, you might want to stick a cup of tea on [1]
  • You can disable cookies, but “the functionality of the Platform may no longer be available to you”
  • You can opt out or marketing you probably never opted in for in the first place
  • Enable ‘Do Not Track’ (DNT) in your browser. In fact no. “we currently do not take action in response to these signals.”

Well, so long as my info is kept secure…

  • The people your data is shared with “may not have the same security protections as information you submit to us, and we are not responsible for protecting the security of such information”.
  • “TikTok may transmit your data to its servers or data centers outside of the United States for storage and/or processing.”
  • “no data storage system or transmission of data over the Internet or any other public network can be guaranteed to be 100 percent secure”
    • sounds like it’s just a matter of time before they get hacked, just as well they don’t store a lot of information about me, phew!

Won’t Somebody Please Think of the Children?

TikTok “is not directed at children under the age of 13”. Great. Alas, no. There is no age verification to enforce this.

In the first three months of 2021, TikTok removed 7 million accounts belonging to under 13’s. They need simply create a new account and say they are older than 13.

References

[1] TikTok. (2020). Data Access and Data Deletion Requests Metrics. [Online] Available at: https://www.tiktok.com/legal/ccpametrics?lang=en. [Accessed 30 Aug. 2021].

Leave a Comment

Your email address will not be published.