TikTok…. TikTok…. TikTok….
Is time running out for this platform that took the world by storm during lockdowns and has allowed many individuals to have a place to express themselves within short-form video?
TikTok is a social media platform that offers users the ability to create and share short-form videos. It provides a variety of tools, including editing options, filters, and sound effects, that allow users to express themselves creatively. The platform has a diverse user base and a vast audience, making it a place to showcase talents or connect with others who share your interests.
TikTok has gained widespread popularity, with millions of users worldwide. It is a platform for entertainment, self-expression, and creativity, allowing users to explore and discover content from around the globe. In addition, businesses and brands have started using TikTok to advertise their products or services to a broader audience.
But should we be paying more attention to this platform?
Overview of TikTok's Data Privacy Practices
TikTok is known for its ability to provide personalised content to users through its sophisticated algorithm, which curates content based on each user's interactions with the app. However, this algorithm requires the app to collect significant data from its users, including their location, device information, and browsing history. This data is used to personalise the user's app experience and serve targeted advertising.
While TikTok states that it stores user data in the US and Singapore, the app has faced criticism for its data collection practices and links to the Chinese government. The US government has raised concerns about the app's potential national security risks, leading to a proposed ban on the app in the country.
Additionally, TikTok has been accused of collecting and sharing excessive data with third-party advertisers without user consent.
It doesn’t end there though, TikTok has faced several controversies surrounding its data privacy practices in recent years too. One of the most prominent issues was the app's collection of clipboard data from iOS devices. This was discovered by security researchers who found that TikTok was accessing the clipboard of users' devices without their knowledge or consent. The clipboard data included sensitive information such as passwords and other personal data, which raised concerns about the security and privacy of users.
Cyber Security Risks for Companies Using TikTok
TikTok poses specific risks to companies that use the app, particularly in terms of data privacy and security. One of the biggest risks is the potential for data breaches, as sensitive information can be shared on the platform or employee accounts can be compromised. Due to this companies must take steps to protect their sensitive data and prevent unauthorised access to confidential information.
Another risk is the possibility of employees accidentally sharing sensitive information on TikTok. This could happen if employees use the app on company devices or if they share content that includes proprietary or confidential information. This can lead to serious reputational and legal consequences for companies, especially if customer data or financial information is exposed.
Additionally, the use of TikTok by employees can also put a company's reputation at risk. If employees use TikTok inappropriately or engage in conduct that reflects poorly on the company, it can harm the brand and erode customer trust. This can have long-term consequences for the company's success and bottom line.
To mitigate these risks, companies should educate their employees about the potential risks associated with using TikTok and establish clear guidelines for the acceptable use of the app. This may include prohibiting the use of TikTok on company devices or networks or requiring employees to use separate accounts for personal and professional use.
Companies should also implement data encryption measures and other security protocols to safeguard their sensitive data. Additionally, regular security audits can help identify and address potential vulnerabilities and ensure that company data is being handled in a secure and responsible manner.
While TikTok can be a valuable platform for companies to engage with customers and promote their brand, it is important for companies to be aware of the potential risks and take steps to protect their data privacy and reputation. By implementing appropriate security measures and establishing clear guidelines for acceptable use of the app, companies can minimise the risks associated with using TikTok and ensure that their data and reputation remain secure.
It is worth noting that PBS has stated that these issues with privacy and data collection are not unique to TikTok, but due to its popularity, it is under the highest amount of scrutiny. As an organisation, you may want to re-evaluate the use of other platforms within your company infrastructure too.
Regulatory Landscape and Compliance Considerations
The legal and regulatory landscape surrounding TikTok's data privacy practices is complex and constantly evolving. As a global app, TikTok is subject to various data privacy laws and regulations in different countries and regions.
In Europe, TikTok is subject to the General Data Protection Regulation (GDPR), which is one of the strictest data protection laws in the world. Under the GDPR, companies must obtain user consent for the collection and processing of personal data and must ensure that the data is processed securely and for specific purposes only. TikTok has implemented several measures to comply with the GDPR, including providing users with clear and detailed privacy policies and data protection notices, as well as implementing data encryption and other security measures.
In the United States, TikTok is subject to the California Consumer Privacy Act (CCPA), which gives California residents the right to know what personal information is being collected about them and to request that their personal information be deleted. TikTok has implemented several measures to comply with the CCPA, including providing users with clear and detailed privacy policies, data protection notices, and a way to submit data deletion requests.
From a cyber security point of view, the legal and regulatory landscape surrounding TikTok's data privacy practices is crucial. Companies that use TikTok must ensure that they are following these regulations to avoid potential data breaches and other security risks.
TikTok's compliance with the GDPR and CCPA is a positive step towards protecting user data, but companies must still be cautious when using the app. There have been concerns raised about TikTok's data collection practices, including the collection of clipboard data and the alleged sharing of user data with the Chinese government. This increases the risk of sensitive company information being inadvertently leaked or accessed by unauthorised third parties.
So where do we go from here?
As with any piece of software or platform that is used within your organisation's infrastructure there needs to be regulations and processes implemented to protect your key assets and data and your reputation.
It is also incredibly important for all individuals involved in the use of these types of platforms, cyber security companies, marketing teams and employees for example, to be aware of the implications of their use of them. We all need to ensure that we are informed and consider the platform terms and conditions and what these implications could be for an organisation.
Want to know more? Of course, you do! At Core to Cloud, we have multiple newsletters that itch that scratch of cyber security and tech news depending on what you want to keep up to date with. You can discover more here (Link)