In mid January of this year, Americans were sent into a week-long whirlwind regarding one of their most popular apps. The U.S. government has been eyeing TikTok and its parent company, ByteDance, as a potential threat to the country’s security and data. TikTok was temporarily banned in the United States due to a law signed into effect in April 2024 that gave TikTok until January 19, 2025, to find a government approved buyer. Although the platform was only unavailable in the U.S. for less than 24 hours, the expectation that they sell the app still stands. An extension of 75 days was given to TikTok, which means a longer, more permanent ban could still happen.

To better understand TikTok and what information they have, let’s look at their privacy policy.

What data is collected?

TikTok collects information the users provide, information from other sources, and some information is collected automatically. When users create an account, demographic information such as your “name, age, username, password, language, email, phone number, social media account information, and profile image” is now accessible to TikTok. Other information users provide is user-generated content such as videos, livestreams, audio clips, and photos. Any messages sent or received within the app and your phone or social media contacts are access with the user’s permission. When using the TikTok Shop feature, purchasing information is also stored.

Other information may come from third-party services that are then tied to your account. When creating an account, signing in through platforms like Facebook, Instagram, or Google instantly like the two accounts together and share information. Other services like advertisers share information “about you and the actions you have taken outside of [TikTok], such as your activities on other websites and apps or in stores, including the products or services you purchased, online or in person.” They can also gain information from other users such as businesses, organizations, people, and publicly available sources.

When using the platform, TikTok automatically collects information like internet/network activity like your IP address, location, device identifiers, cookies, and browsing and search history.

How is it used?

TikTok uses this information for several reasons:

• To  troubleshoot, analyze data, test, research, generate statistics, and survey to solicit your feedback.
• To customize the content you see based on your location and interests.
• To measure the effectiveness of the advertisements sent to you.
• To allow connections between accounts like sharing, downloading, and suggested accounts.
• To detect fraud, abuse, or illegal activity within the app.

TikTok may share this collected information with service providers, business partners, their corporate group, in connection with sales or business transfers, and for legal purposes. They can share your information for other reasons with your consent.

Do users have control?

Despite the vast ways TikTok can gather and share information, users do have control over what the platform can access. Users can disable cookies, opt out of targeted advertising, manage third-party preferences, unsubscribe from emails, and update personal information at any time.

Privacy Concerns and Controversies

As stated previously, TikTok has been under fire by the U.S. government due to their company being linked to ByteDance, a Chinese technology company. Lawmakers are concerned that ByteDance could be forced to give U.S. user data to the Chinese government. Many users do not seem worried about this possibility, as thousands of TikTokers sought out to protest the ban by downloading Xiaohongshu, also known as RedNote, which is described as China’s version of Instagram. This act may cause the U.S. government to tread carefully when instating a future TikTok ban.

TikTok’s Transparency and Consumer Protections

While TikTok’s Privacy Policy does comply to the General Data Production Regulation (GDPR) and the California Consumer Privacy Act (CCPA) listed under their jurisdiction-specific terms, the platform has been subject to a number of violation-induced fines.

The GDPR is a European Union law that restricts businesses from collecting or processing the data of consumers without consent. In September 2023, the Irish Data Protection Commission (IDPC) issued TikTok a €345 million fine concerning children’s data.

Prior to this, TikTok was fined £12.7m in April 2023 by the UK’s Information Commissioner for violating the treatment of data for “1.4 million users under the age of 13.”

Potential Improvements

Despite TikTok being amongst the most popular platforms in the United States, there are still steps they can take to improve their relationship with concerned users.

1. All platforms have privacy policies, but most are hard for the average user to understand. By simplifying these policies, TikTok would give users the ability to comfortably manage their preferences.
2. TikTok can incorporate additional checkpoints for users to consent to their data being collected or shared. Instead of only asking when signing up, TikTok could ask users every six months to review their policies and terms.
3. As it stands, users cannot completely opt out of having their data collected by TikTok. By allowing users to fully reject data collection, the platform would provide a completely protected option.
4. As well as simplifying their privacy policies, TikTok should also be more transparent about who a user’s data could go to. Instead of listing the blanket term “third-parties,” TikTok could disclose who these organizations are to give users a greater peace of mind.