TikTok may be a political-culture war victim, when the larger issue is data use

TikTok, owned by the Chinese company ByteDance, acquired Music.ly in 2017 and has garnered tremendous popularity during the pandemic and also filled a void once occupied by Music.ly, and before that, by Vine. The current controversy has been fueled by the U.S. administration’s stance toward social media platforms (especially Facebook and Twitter) as well as their stance on Chinese-based technology companies like Huawei.

The attempts by Russia to use social media data as a means to target vulnerable populations and weaponize platforms to spread dis-information has also placed a renewed focus on how nation-states might use social channels to manipulate U.S. elections. Does TikTok’s association with ByteDance imply that the Chinese government might force TikTok to hand over U.S. user data? 

Recently, TikTok has distanced itself from the Chinese government. The company has said that the app is not available in China, and they recently hired an American CEO. However, in their privacy policy, they state: “We may disclose your information to respond to subpoenas, court orders, legal process, law enforcement requests, legal claims, or government inquiries.”

The administration’s stance of threatening to strongly regulate or shut down social media due to censorship of false or misleading claims is counterintuitive to their continued use of these platforms for their gain. Both political parties use platforms like Facebook to micro-target communities for political ads and crowdfund for campaign pledges, while President Trump frequently uses Twitter to disseminate his agenda, policies, and opinions. With 84 million followers spreading his message for information dissemination or sarcastic dissent, it could be seen as his favorite and perhaps most impactful media pulpit. 

The recent Twitter hack where popular profiles were compromised in a Bitcoin campaign (especially Joe Biden and Barack Obama’s accounts) has drawn attention to vulnerabilities and manipulation of these platforms. Hackers working with insiders with access to administrative level controls showed how a coordinated attack could mislead others into providing funds or data. This has resulted in a refocus on the role of social media, regulation of the platforms, third party relationships, and data use agreements.

But does TikTok collect more data than other similar apps? Does it utilize, store, or share in a riskier manner, potentially exposing user data more than similar apps like Instagram, Snapchat, or dating apps like OkCupid, Bumble, or Tinder? Researchers found that the app does not appear to grab any more information than Facebook. 

According to its U.S. Terms of Use, the app generates revenue through the sale of advertising sponsorships, promotions, usage data, and gifts. Users grant TikTok a royalty-free license to use their name, image, and voice to identify users as the source of user content. This is on par with what other apps collect to monetize data and provide a free and valuable service.  

The privacy issue associated with TikTok, outside of the alleged connection with the Chinese government, is the same for many consumer-facing apps reliant on advertising dollars as their sole source of revenue. More users result in more content, which drives utilization and interaction — creating a tremendous amount of data as a source of targeted ads. So essentially, these apps are in the business of trying to collect as much information as possible. One of the issues privacy officers have with online apps is that users don’t usually understand the risk associated with using mobile apps. Different apps have different security policies, collect different data, and share with different third parties. Consequently, users leave a trail of “digital breadcrumbs” that malicious actors can use to steal an identity, sell personal data on the dark web or create a spear phish campaign to get access to a corporate network.

The other major concern is the data sharing between apps. Many apps allow users to import their data from Google, Facebook, or Twitter rather than create a new profile. These platforms collect a tremendous amount of data, and the user gives the app “permission” to gather information to start using it. That data gets shared and dumped into the new platform. Users making and sharing in TikTok might not have a clear understanding of the sensitive nature in sharing data through the app, even though it is laid out in the Terms of Use and privacy policy. According to the Pew Research Center for Technology and Policy, “Nearly 97% of Americans say they are ever asked to approve privacy policies, yet only about one-in-five adults say they always (9%) or often (13%) read a company’s privacy policy before agreeing to it.”  

Combine this with the often-confusing legal language in these policies, and multiply that over the myriad of apps that any individual might have on their phone, and you’re bound to see why there is little understanding of how individuals might be exposed and at risk.  

Besides user data, the main purpose of TikTok is the creation and sharing of videos. If employees are creating these at work, they might reveal information about their location, nature of operations, security provisions, etc. Most of the time this is done inadvertently, but because of location tracing, high-resolution video, and the tie to identity, users might provide sensitive information. Rather insignificant data from different users could be pieced together to provide sensitive information in aggregate. For example, the fitness app Strava gave away the location of secret Army bases. 

TikTok is just another app in the string of social media platform reform that needs to occur to ensure a clear understanding of privacy control, transparency around data collection, sharing and use, education associated with the risk of oversharing and the link between users’ rights and responsibilities and national security. The main issue policymakers have with TikTok is its alleged connection to the Chinese government. Other countries like India have already banned the app, citing privacy concerns that it posed a threat to India’s sovereignty and security. 

If there are limitations associated with its use in the United States, I believe TikTok will be the victim of a political and culture war rather than a stance on the misuse of data associated with operations.  

Ari Lightman is a distinguished service professor, Digital Media, and Marketing at Carnegie Mellon University’s Heinz College of Information Systems and Public Policy.