The dark side of TikTok’s data privacy

The app Tiktok has gained tremendous popularity over the past three years. Wether it is with users looking for entertainment or for businesses for which the app represents an amazing growth opportunity. However, the app is facing huge criticism for their data management methods, wether it is collection, use or privacy.  Indeed, Italy has already taken action and took down accounts of users below 13. Now it’s the USA’s turn to issue a class action lawsuit resulting in a $92 million settlement for data privacy.

The people of America VS. TikTok and ByteDance.

But now it’s the United States who are taking responsibility in calling Tiktok to order. Although the USA was never the biggest supporter of Tiktok, they had yet to take direct action against the company.

According to the USA’s federal law, a company can’t collect and use personal data without “sufficient notice and consent”. 21 different lawsuits have been filed against TikTok as well as its parent company, ByteDance. They allege the companies have “violated federal and state law by collecting and using” personal data without getting formal consent, and that they “infiltrates its users’ devices and extracts a broad array of private data including biometric data and content that defendants use to track and profile TikTok users for the purpose of, among other things, ad targeting and profit”. Therefore violating federal and state law and resulting in a class action suit. Many of these lawsuits have been filed on the behalf of children as young as 6 years old.

The lawsuits allege that biometric data have been collected and used as a “complex system of artificial intelligence to recognize facial features in users’ videos” and that it analyzes faces to “determine the user’s age, race/ethnicity, and gender … to recommend content and profiles for the user to follow”. This would violate the Illinois Biometric Information Privacy Act, entitling Illinois residents to individually sue the company.

This legal case, named TikTok, Inc., Consumer Privacy Litigation, is being overseen by the United States District Court.

TikTok avoids court at all costs and chooses settlement with data management.

Tiktok through its parent company has denied any wrongdoing but agreed to a settlement to avoid going to trial. They issued a statement explaining : “While we disagree with the assertions, rather than go through lengthy litigation, we’d like to focus our efforts on building a safe and joyful experience for the TikTok community”. It is important to note that the court has not ruled against Tiktok since the case has not went to trial.

The settlement, although not an admission of guilt, is for $92 million. It covers attorney fees, administrative fees and the settlement payment of individual eligible users who have filled the required form. Many users have already received a notification through the Tiktok app to inform them of this settlement and direct them to more information.

US citizen and their children who used the apps Tiktok and/or ByteDance before September 30th 2021, are eligible to receive compensation from Tiktok as the settlement for the case. Tiktok has given the opportunity to their American users to file an individual claim on a website before March 1st.

The settlement will get its final approval at the hearing on May 18th 2022 in the United States District Court. However, the amount of each compensation will largely vary according to the number of people filing a claim. If everyone eligible files a claim, each user would only be compensated of a few cents. Except for Illinois residents who are entitled to a larger compensation. But the settlement also obliges Tiktok to take measure to ensure that incidents like that will not happen again. Such as changing and disclosing its data collection practices.

Has this settlement taught Tiktok a data lesson ?

As part of the settlement, Tiktok will have to change and disclose data collection processes, and ask for proper approval. However, the company has taken some additional steps to reassure its community and protect the minors of the app. These protective actions target users aged 13 to 17 years old to insure a safer usage of the platform.

The app will ask teenagers under 16 to choose who can watch their videos before they can post them. Downloads of their content will be permanently disabled. Users aged 16 to 17 years old will be able to choose who can download their public videos. And their direct message options will be automatically set to « no one » with the possibility to change. Moreover the app will reduce the frequency at which minors receive notifications. For instance, users aged 13 to 15 won’t receive push notifications after 9 PM. And those aged 16 and 17 after 10PM.

These actions might not have been an act of good faith. Indeed, following the lawsuit, the Federal Trade Commission and US Justice Department have started investigating Tiktok. They are following allegations that TikTok failed to live up to a 2019 agreement aimed at protecting children’s privacies.

The big takeaway of this settlement

In September 2021, Tiktok reported 1 billion active users of the app worldwide, a 45% growth since July 2020, where the app reported 689 million active users on the platform. Tiktok is growing at a rapid pace and shows no sign of slowing down. It is mandatory to keep companies who collect such high sets of data from so many people in check, especially when there is no way to tell what they will do with it and what kind of danger it might trigger. We need to be aware and keep in mind the flip side of the coin, especially when it comes to data collection.