TikTok and WeChat Data Privacy Violations

The TikTok privacy debate did not end with the US agreement. It has escalated. TikTok has updated its US Privacy Policy. It is now one of the most aggressive data collection regimes of any mainstream consumer platform. It explicitly acknowledges the collection and processing of sensitive personal information under US state privacy laws. Named directly: • Racial or ethnic origin. • Religious or philosophical beliefs. • Mental and physical health data. • Sexual orientation. • Transgender or nonbinary status. • Citizenship or immigration status. • Precise location data. The policy goes further. TikTok is collecting far more than what users consciously share. Under the updated policy, it gathers what you provide, what it observes automatically, and what it receives from third parties. That includes account details and identity verification documents, private messages, drafts and unpublished content, AI prompts and interactions, clipboard content, purchase and payment data, contact lists and social graphs, and an extensive set of technical signals such as device identifiers, keystroke patterns, battery state, audio configurations, and activity tracked across devices. This is not incidental data leakage. It is formalized, permitted, and documented. Images and video are treated as analyzable environments. TikTok states that it "identifies objects and scenery, detects faces and other body parts, extracts spoken words, and collects metadata describing how, when, where, and by whom content was created." Post a photo near the Golden Gate Bridge and you are not just sharing a moment. You are generating structured data about place, time, environment, and your body, or body parts. Photos and videos are not just content. They are raw material for computer vision, biometric analysis, and location inference. Tik Tok will use all of the collected data, and maintains the right to sell all of it to interested third parties, from vendors to the federal government. Leaders must act on this immdiately. Privacy policies are not background reading. They are power documents. When they change, accountability shifts with them. If you are a user, a parent, a school, a youth facing organization, nonprofits, and public institutions that use TikTok as a communications channel, the update changes the governance calculus. Engagement is not a neutral act. It carries serious legal and ethical obligations tied to data protection, duty of care, and institutional risk. The new policy deserves close reading. At this stage of platform power, and scale of data collection, policy literacy is a governance responsibility, not a personal preference. Read the policy here: https://lnkd.in/ejbm8THx

The Irish DPC has fined TikTok €530 million for transferring personal data to China without appropriate safeguards. Is this the first international data transfers fine involving a country *other than* the US? We don't have a full decision notice yet, but here's what we know from the DPC's press release. — The DPC's decision appears to carry the same message as its €1.2 billion fine against Meta in 2023: Standard contractual clauses (SCCs) are "just" a contract, and contracts don't stop intelligence agencies from spying on people. According to the press release, TikTok used SCCs to facilitate its transfers to China, but failed to put measures in place to ensure they were effective. It's been nearly five years since the CJEU's judgment in Schrems II, but the high standard set by the court in that case still stands. — One interesting aspect of this case concerns the remote access (from China) of personal data stored in Europe. On page 10 of its post-Schrems II Recommendations 01/2020, the European Data Protection Board (EDPB) stated: "Please note that remote access by an entity from a third country to data located in the EEA is also considered a transfer." It's not clear whether TikTok disagrees or whether it merely argued that remotely-accessed data is out of the scope of Chinese surveillance law. Either way, the DPC appears not to distinguish between i) Housing data on servers located in China and ii) Allowing people in China to remotely access EEA-based servers. — This position is a problem for TikTok. In 2022, a Buzzfeed article cited “14 statements from nine different TikTok employees” suggesting that TikTok data was accessible to employees in China. One TikTok employee described themselves as a “master admin” with “access to everything”. Another said that "everything is seen in China". TikTok has committed to invest billions in localising data in Europe (and, separately, the US) under "Project Clover", a decade-long project of building data centres across the EEA. In its press release, the DPC acknowledges these efforts—but maintains that it is "appropriate, necessary and proportionate" to issue the enforcement decision nonetheless. — But it also seems that some TikTok users' data WAS transferred to China in the more conventional sense. Last month, TikTok reportedly notified the DPC that it had discovered in February that "limited EEA user data" had been stored on servers in China"—despite the company having given evidence to the contrary throughout the DPC's inquiry. As it did with Meta in 2023, the DPC has given TikTok six months to stop any unlawful transfers. Given the amount of money TikTok has invested into European data centres, I have little doubt that many people within the company would to solve this data transfer problem. But as with Meta, *something* is preventing TikTok from complying with the EU's data transfer rules. And unlike Meta, TikTok is unlikely to be rescued by an adequacy decision.

To TikTok or not to TikTok: A National Security Perspective 🇺🇸 Social media platforms have overwhelmed our lives, with TikTok leading the charge among younger audiences, and arguably the most dangerous. Should we be using the platform? At a recent keynote, a mother came to the microphone during my Q&A session to follow up on a story I had told about banning my teenage daughter from TikTok. She smirked up at me, shook her mane of blonde hair and said, “your daughter has a TikTok. They all do, it’s a fact.” Not so fast. I’ve personally gone to great lengths to ban the application from our home and my children’s devices. It hasn’t been easy. But talking with my teenagers about the potential dangers of TikTok won the day. Here are some of them: 🎯 Data Privacy Concerns: TikTok's parent company, ByteDance, is owned by the China Communist Party. This has raised significant concerns about how user data is collected, stored, and potentially accessed by the Chinese government. With over 1 billion active users, the scale of data harvested is staggering. Recent legislation in the US House of Representatives warned that downloading TikTok onto phones or devices may allow China to inject malicious software to compromise a targeted user. 🛡️ National Security Threats: The possibility of data misuse extends beyond personal privacy. Sensitive information about government officials, military personnel, and critical infrastructure could be at risk. TikTok could be exploited for espionage, surveillance, and influencing public opinion. They learn incredible intelligence about their users—from school drop-off times to eating habits, shopping preferences, favorite activities, and even your emotional state. If the U.S. enters a conflict with China, having data on 150 million Americans would give China an unparalleled advantage 🔍 Influence and Propaganda: The algorithm that makes TikTok so addictive also poses a threat. There are fears it could be manipulated to spread misinformation and propaganda, subtly shaping the perceptions and behaviors of millions. Beijing already bans most U.S. social media platforms, why should we allow China to influence our youth? 🚨 Calls for Regulation: Governments worldwide are taking action. From outright bans to stringent regulations, steps are being taken to mitigate the risks. It's crucial for policy makers to stay ahead of the curve and protect our national interests. 📢 What Can We Do?: Awareness is the first step. As users, we need to be mindful of the data we share. As citizens, we should advocate for stronger data protection laws and support measures that safeguard national security. 🔗 Join the Conversation: How do you feel about the national security risks posed by TikTok? Do you let your teenagers use TikTok? Share your thoughts in the comments! #NationalSecurity #DataPrivacy #TikTok #CyberSecurity #DigitalAge #InformationSecurity #Government #PublicSafety #TechRegulation

Fortune [excerpt]: In a fresh broadside against one of the world’s most popular technology companies, the Justice Department late Friday accused #TikTok of harnessing the capability to gather bulk information on users based on views on divisive social issues like gun control, abortion and religion. Government lawyers wrote in documents filed to the federal appeals court in Washington that TikTok and its Beijing-based parent company #ByteDance used an internal web-suite system called Lark to enable TikTok employees to speak directly with ByteDance engineers in China. TikTok employees used Lark to send sensitive data about U.S. users, information that has wound up being stored on Chinese servers and accessible to ByteDance employees in China, federal officials said. One of Lark’s internal search tools, the filing states, permits ByteDance and TikTok employees in the U.S. and China to gather information on users’ content or expressions, including views on sensitive topics, such as abortion or religion. Last year, the Wall Street Journal reported TikTok had tracked users who watched #LGBTQ content through a dashboard the company said it had since deleted. The new court documents represent the government’s first major defense in a consequential legal battle over the future of the popular #socialmedia platform, which is used by more than 170 million Americans. Under a #law signed by President Joe Biden in April, the company could face a ban in a few months if it doesn’t break ties with ByteDance. The measure was passed with bipartisan support after lawmakers and administration officials expressed concerns that Chinese authorities could force ByteDance to hand over U.S. user #data or sway public opinion towards Beijing’s interests by manipulating the #algorithm that populates users’ feeds. The Justice Department warned, in stark terms, of the potential for what it called “covert #content manipulation” by the Chinese government, saying the algorithm could be designed to shape content that users receive. “By directing ByteDance or TikTok to covertly manipulate that algorithm, China could for example further its existing malign #influence operations and amplify its efforts to undermine trust in our democracy and exacerbate social divisions,” the brief states. The concern, the Justice Department said, is more than theoretical, alleging that TikTok and ByteDance employees are known to engage in a practice called “heating” in which certain videos are promoted in order to receive a certain number of views. While this capability enables TikTok to curate popular content and disseminate it more widely, U.S. officials posit it can also be used for nefarious purposes. Federal officials are asking the court to allow a classified version of its legal brief, which won’t be accessible to the two companies. #news #business