Latest News, Updates, Tutorials and much more

Blog

TikTok And Data Privacy

TikTok Privacy Concerns: Cookies, Tracking Technologies, and Recent Fines

TikTok, a video-sharing app, is a popular social network, especially with teenagers. More than 150 million monthly users are reportedly watching TikTok in the United States alone. However, there are concerns about data privacy.

Recently it was fined by French and Irish data protection authorities for breaches of data privacy laws.

Let’s look at TikTok data privacy issues and the latest news regarding fines.

Little Trust in TikTok

The TikTok application has recently been highly criticized in the United States due to suspicions of spying for China. All of it comes in the background of trade tensions between Washington and Beijing. In the US, the Tik Tok app is subject to blocking on the devices of government officials. Some other European countries also recommend stopping using the app on the devices of government officials.

TikTok Privacy Policy: Cookies, TikTok pixels, and Other Tracking Technologies

TikTok states on its Cookie Policy that it uses cookies, tracking pixels, Application Programmable Interface, Software Development Kits, mobile advertising IDs, and local storage to enable certain features of the app and distinguish your device from others.

TikTok cookies assign a unique number to the device and collect adequate information like IP address, interests and activity on the app, and others. Cookies are stored on your browser by the websites that you visit. There are session cookies, which exist only while your browser is open and are deleted automatically after the closing of the browser, and persistent cookies, which are stored on your browser for months or even more. TikTok cookies are also used by third-party service providers and are necessary for the advertisement. They help with the measurement, optimization, and targeting of advertisement campaigns.

Local storage files are used to store information locally on your browsing device. They are similar to cookies but could store more information about the user and can be stored in a different location on your device. Local storage is used by TikTok to speed up the app and site functionality and remember user preferences.

TikTok tracking pixels are small 1-pixel x 1-pixel invisible image files that are used to track website pages, visited by users. Tracking pixels allow to know, if the user visited specific pages.

Software Development Kits are files that collect data about your device, network, and interaction with a website. They also assign your device a unique number.

Mobile advertising IDs collect a unique number of users’ devices and are used by TikTok and its service providers to recognize user’s devices. This allows to deliver personalized ads to the user’s device and measure the effectiveness of those ads.

An application Programmable Interface (API) is a code that helps the communication between two or more applications. TikTok APIs are used to communicate between TikTok and its service providers.

Even if TikTok uses these tracking technologies for personal data collection, collecting data isn’t unique to TikTok. Most of the apps like Facebook, Twitter, Instagram, Google, YouTube, and others use cookies and other tracking technologies to collect users’ personal data like your device ID, your interests on the app, your location, what other websites you’re visiting, what links you click on, and other. Tracking technologies are used by most apps to distinguish users’ devices and enable advertising, measure the performance of advertising, and improve users’ experience.   

To comply with privacy laws, applications need to use tracking technologies correctly, get user Cookie Consent, know, what data could be collected and processed, and use cookie banners according to the laws. CookieScript Consent Management Platform allows to comply with the GDPR and other privacy laws and avoid fines.

TikTok Fined by CNIL and ICO for Breaches of Data privacy laws

In Europe, the personal data of users is protected by the General Data Protection Regulation (GDPR), which regulates what data could be collected, processed, stored, sold, or shared, and how to do it correctly. All countries in the European Economic Area (the EEA), to which the law applies, have the GDPR incorporated into their national data privacy laws with slight differences. Compliance with the laws is enforced by national data protection authorities.

On January 12, 2023, the French Data Protection Authority CNIL announced a €5,000,000 fine for TikTok for violations of personal data collection and applicable cookie rules. The fine was imposed at the end of 2022. TikTok was using inadequate Cookie Consent – the refusal mechanism was too complex for users. It was not as easy for users to refuse cookies as to accept them. Cookies could be accepted immediately with just one click, but several clicks were necessary to refuse all cookies. So, TikTok was essentially manipulating Cookie Consent by making it easier for website visitors to accept TikTok tracking than to opt-out.

In addition, the CNIL notes that TikTok had not informed users “in a sufficiently precise manner” of the purposes of the cookies. The use of cookies was unclear both on the Cookie Banner shown for the first time on the website and on the dedicated webpage that was accessible after clicking on a link presented in the banner.

On April 4, 2023, the UK Information Commissioner’s Office (ICO) has issued a £12,700,000 fine to TikTok Information Technologies UK Limited and TikTok Inc for a number of breaches of data protection laws, GDPR and DPA 2018. According to the ICO, the platform did not take adequate actions to prevent the usage of the app for children under 13. Personal data belonging to children under 13 was used without parental consent. TikTok also did not perform adequate checks to identify and remove underage children from its platform.

In addition, the ICO originally intended to set a £27 million fine for TikTok. Taking into consideration the representations from TikTok, ICO decided not to pursue the provisional finding related to the use of categorized data, and this potential infringement was not included in the final amount of the fine.

Conclusions

The TikTok application recently was highly criticized in the United States and Europe due to personal data privacy concerns. The platform uses cookies, tracking pixels, Application Programmable Interface, Software Development Kits, mobile advertising IDs, and local storage to distinguish user devices from others, increase performance and improve the user experience of the app. Mentioned tracking technologies are also used to enable advertising and to measure the performance of advertising. Note that collecting data isn’t unique to TikTok. Most of the apps like Facebook, Twitter, Instagram, Google, YouTube, and others use cookies and other tracking technologies to collect users’ personal data.

However, at the beginning of 2023, TikTok was fined by the French and UK regulators for breaches of data privacy laws. TikTok was fined 5 million euros by the CNIL for inadequate Cookie Consent, and £12,700,000 by the ICO for insufficient actions to prevent the usage of the app for children under 13.

The fines are also not unique to TikTok. In 2021— 2023, there were multimillion fines issued for the GDPR breaches to Amazon, Facebook, Instagram, WhatsApp, and other online service providers. Read the article about the biggest GDPR fines so far.

To avoid fines, you need to have a reliable and professional Consent Management Platform (CMP). CookieScript CMP offers one of the best cookie compliance solutions for your business with the following functions:

  • Provides fully customizable and configurable Cookie Banner. You can personalize colors, fonts, text, and style, and adjust the banner to your website's design.
  • Creates a unique and professional Privacy Policy for your business or website.
  • Maintains a full history of user consent for proof of compliance.
  • Scans your website for cookies and auto-updates your cookie list and Cookie Policy.
  • Categorizes cookies and provides a cookie declaration that includes a cookie provider and third-parties information.
  • Allows users to withdraw consent easily and at any time.
  • Blocks cookies until users agree to the Cookie Consent and the Privacy Policy.
  • Requires parental Cookie Consent for children.

In addition, CookieScript CMP has an easy-to-use interface and privacy laws’ compliance hints, so even not professional users could be sure their website is compliant with the GDPR, CCPA, and other privacy laws!

Frequently Asked Questions

What tracking technologies does TikTok use?

TikTok uses cookies, tracking pixels, an Application Programmable Interface, Software Development Kits, mobile advertising IDs, and local storage to distinguish your device from others, enable certain features of the app, improve users’ experience, and measure the performance of advertising. However, this isn’t unique to TikTok: most of the apps like Facebook, Twitter, Instagram, Google, YouTube, and others use cookies and other tracking technologies to collect users’ personal data.

Is TikTok safe to use?

TikTok uses tracking technologies like cookies or tracking pixels for personal data collection. However, this isn’t unique to TikTok: most of the apps like Facebook, Twitter, Instagram, Google, YouTube, and others collect users’ personal data. So, there is no difference between TikTok and other major apps as long as they comply with privacy laws.

What TikTok was fined for?

At the beginning of 2023, TikTok was fined by the French and UK regulators for breaches of data privacy laws. TikTok was fined 5 million euros by the CNIL for inadequate Cookie Consent, and £12,700,000 by the ICO for insufficient actions to prevent the usage of the app for children under 13. Use CookieScript to comply with privacy laws and to avoid fines.

Does TikTok access your data?

TikTok uses tracking technologies like cookies or tracking pixels for personal data collection. Most notably, it accesses your location, your activity on the app, and your device information.

What age is required for TikTok rules?

TikTok requires that users be at least 13 years old to use the basic TikTok features. In practice, there is a way for younger kids to access the app. On April 4, 2023, the UK regulator ICO issued a £12,700,000 fine to TikTok for insufficient actions to prevent the usage of the app for children under 13.

New to CookieScript?

CookieScript helps to make the website ePrivacy and GDPR compliant.

We have all the necessary tools to comply with the latest privacy policy regulations: third-party script management, consent recording, monthly website scans, automatic cookie categorization, cookie declaration automatic update, translations to 34 languages, and much more.