Generation Z’s ‘Big Brother’ – TikTok’s Intrusive Data Collection Practices and Regulations

TikTok, arguably the most popular social media platform among gen-Z, has faced legal scrutiny over the past two years regarding its data policy and ties to China. The debate about cybersecurity is not an unfamiliar one, as it’s commonplace for social-media giants, such as Facebook and Twitter, to invasively collect and use personal information from its users for targeted content and ads. Similar to Facebook and Twitter, TikTok collects users’ data in a variety of ways — compiling information on user contact lists and calendars on their phones, gathering user’s search and view history, content of their messages, and geolocating devices on an hourly basis. What distinguishes TikTok from the other social-media platforms is not only its “more aggressive” and “intrusive” data collection practices, which are granted by the app permissions automatically, but also its close ties to the Chinese authorities.

While TikTok has consistently stated that the data it gathers from U.S. users are stored in the U.S., not China, leaked audio from more than 80 internal TikTok meetings revealed Chinese TikTok employees can access U.S. users’ data. Additionally, the Chinese government could potentially force ByteDance, TikTok’s Beijing-based parent company, to collect and turn over user data to the government. The Chinese government would use this data to build a “vast database of information that could be used for espionage,” by “identifying U.S. government employees who might be susceptible to blackmail.” As data security worries mount, the U.S. government has repeatedly questioned and imposed restrictions on TikTok, including an executive order to ban TikTok issued by Trump in September, 2020, and revoked by Biden in June, 2021.

In September, TikTok reached preliminary agreement with the U.S. government to resolve its national security concerns. TikTok and the Committee on Foreign Investment in the United States (CFIUS) crafted a deal to address national security concerns. They agreed upon three main changes TikTok must implement. First, TikTok will store all data collected in the U.S. solely on servers run by Oracle, a cloud platform headquartered in Texas, instead of on its own servers. Second, Oracle will monitor TikTok’s algorithms of content recommendations, in order to address concerns that the Chinese government could influence American public opinion via TikTok’s personal feed. And lastly, TikTok will set up a board of security experts responsible for reporting to the U.S. government and overseeing TikTok’s U.S. operations. This preliminary draft is being reviewed by U.S. national security officials, and many hurdles still remain. 

For one, big data and data privacy and security has been a focus of government regulation and enforcement for the past few years – many federal agencies, such as the Federal Trade Commission and Cybersecurity and Infrastructure Security Agency, are working on new rules, and “in 2021 alone, 36 states enacted new cybersecurity legislation.” Moreover, the government’s close scrutiny of TikTok’s data privacy policies are intertwined with the whims of the global political spectrum, “as TikTok has become a symbol of the Cold-War-like atmosphere in relations between Beijing and Washington.” In a sense, suspicion toward TikTok reflects a suspicion of China, and criticisms of TikTok are unlikely to cease even if an agreement is reached with the U.S. government. 

Furthermore, the three changes TikTok agreed to implement are unlikely to make any significant progress in clearing the legal cloud surrounding the potential national security threat of its data practices. First, even with data stored on American servers, the concerns about national security remain, because physical storage on U.S. soil does not preclude the Chinese government from  accessing user data. As the leaked recordings show, data freely flows between the U.S. and China through TikTok and ByteDance’s tools for data visualization, content moderation, and monetization, and more. Additionally, data stored on Oracle servers will only include data not publicly available on the app, meaning that public content will still likely be accessible to the Chinese government. TikTok must go further to address the national security concerns raised by the U.S. government, as its ties to China increase TikTok’s threat perception by the U.S. TikTok’s global reach and recognition will be hindered if the platform is banned in America.