Yet social media platforms are some of the world’s most powerful businesses – not least because they can collect massive amounts of user data, and use algorithms to turn the data into actionable knowledge.
This is how it manages to be so addictive, with some 1.2 billion users as of December 2021. This number is expected to rise to 1.8 billion by the end of the year.
It’s against the background of these huge numbers that the Federal Communications Commission in the United States wrote a strongly worded letter to the chief executives of Apple and Google last Tuesday.
It urged them to remove TikTok from their app stores on the grounds that the company – or more precisely its Chinese parent ByteDance – can’t be trusted with US users’ data.
In his letter, FCC commissioner Brendan Carr says:
TikTok is owned by Beijing-based ByteDance — an organisation that is beholden to the Communist Party of China and required by Chinese law to comply with the PCR’s [the People’s Republic of China] surveillance demands.
TikTok US has repeatedly denied breaching US data privacy regulations. It says user data are stored on American servers and not shared with ByteDance. But Carr says these measures fall short of guaranteeing privacy:
TikTok’s statement that ‘100% of US user traffic is being routed to Oracle’ [in the US] says nothing about where that data can be accessed from.
Following robust questioning by US senators, TikTok has admitted its US-stored data are in fact accessible from China, subject to unspecified security protocols at the American end.
Australian users also have their data stored on US servers, with backups in Singapore. But it’s not known whether these could include users’ browsing habits, images, biographical information, and location. And if they are subject to the same safeguards as American data.
The unusually blunt language from Carr may have followed leaked audio obtained by Buzzfeed from more than 80 internal TikTok meetings.
According to a Buzzfeed report from mid-June, China-based employees of ByteDance have repeatedly accessed non-public data about US TikTok users. The tapes overwhelmingly contradict TikTok’s earlier data privacy assurances.
For example, in a September 2021 meeting, a senior US-based TikTok manager referred to a Beijing-based engineer as a “master admin” who “has access to everything”.
That same month a US-based staffer in the Trust and Safety Department was heard saying “everything is seen in China.”
In short, the recordings corroborate the claim that China-based employees have often accessed US data, and more recently than earlier statements asserted.
On the one hand, TikTok is in the business of entertaining users, with a goal to keep them on the platform and expose them to targeted advertising. On the other hand, TikTok can be used to spread misinformation and influence users to their detriment.
Seen in this weaponized context, the US government’s strenuous objections to TikTok come into clearer focus.
Moreover, past events have also raised good reasons to suspect Chinese actors of mass data harvesting online.
In 2020, Australian media outlets reported on a leak from Zhenhua Data, a Chinese company with clients including the Chinese government and the People’s Liberation Army.
The leak was said to contain data on more than 35,000 Australians – including dates of birth, addresses, marital status, photographs, political associations and social media accounts. This information was gathered from a range of sources, including TikTok.
Removing the trendy app from Google’s and Apple’s app stores can only be done on a country-by-country basis. India banned the platform in June 2020.
If the Australian government were to make the TikTok domain inaccessible from Australia, it could still be accessed through a virtual private network.
A VPN service allows users to create a secure network within a public one – disguising their country of origin. It’s the same tool that allows file-sharing on Pirate Bay and access to other countries’ Netflix programs.
But even if TikTok was banned in Australia and had access removed, or if users terminated their accounts, existing data on the US and Singapore-based servers would remain there. And we now know that data can be accessed by TikTok’s parent company, ByteDance, in Beijing.
Like any technology, TikTok is neither good nor bad. But the way in which it is used creates the potential for both.
The best defense with any potentially dangerous technology is to approach it with healthy skepticism and share as little as possible.
In the case of TikTok – and other social media – this may involve:
- Not disclosing your full name.
- Not disclosing your age and birthday.
- Not disclosing your physical location, including through pictures or video.
- Turning off the “suggest your account to others” setting.
You can also request account deletion. But don’t expect TikTok to delete all the data associated with it. That is their data now, and you agreed to handing it over when you signed up.
The views and opinions expressed in this article are those of the author and do not necessarily reflect the official policy of China Factor.