SOMI Newsletter - September 9th, 2022
This is the newsletter for September 2022 from the Foundation for Market Information Research to its relations, including the participants in its actions, its sympathizers, media professionals and app users.
News
Upcoming: TikTok oral hearing on October 10th, 2022
The date for the oral hearing of phase 1 has been determined on Monday, 10th October, 2022. The first phase of the procedure starts with a hearing on the defendants' statement on the jurisdiction of Dutch court. Following the oral hearing, the (interlocutory) judgment on this may be expected within a period of 2-6 months. Click here for more information on TikTok claim.
----------------------------------------
TikTok Alleged Data Breach
On September 2nd, a hacking group 'AgainstTheWest' announced that they have breached TikTok and WeChat, claiming that the server contains over 2.05 billon records of user data, platform statistic, software code, authentication tokens and many more. TikTok has denied that they got hacked, but security researchers suspected that those data might be scraped from the platform.
SOMI is concerned about the impact of such large-scale data breach and we are looking for all data involved in this breach in order to inform the victims of the potential danger. In case the data were found on the Dark Web, it will be available on SOMI app so that our user can securely check whether their data were involved in the breach or not.
----------------------------------------
TikTok Privacy
A privacy researcher has recently discovered a tracking code on TikTok in-app browser that monitors the users' keystrokes which could lead to deciphering credit card numbers, passwords and other personal information.
On August 18th, Felix Krause, a Vienna-based security researcher, and founder of the app-testing company Fastlane, acquired by Google in 2017, published a report on the risks of iOS mobile apps using in-app browsers. His findings reveal that TikTok has been monitoring its iOS users activity on third-party websites when the users open any link via TikTok's in-app browser.
Krause found that TikTok has injected JavaScript code that monitors every text inputs and every tap on buttons, links, images or other components on websites when the users access those websites by opening any links on TikTok app. This can include passwords, credit card information and other sensitive user data.
Krause claims that his research does not show that any of the data thus exposed is tied to user's identity or their TikTok profile. Nor it can prove that TikTok is actually sending this data to its servers or shares it with third parties. However, in a statement to Forbes, he said "This was an active choice the company made. This is a non-trivial engineering task. This does not happen by mistake or randomly.”
TikTok's spokesperson confirmed that those tracking features exist in the code, "Like other platforms, we use an in-app browser to provide an optimal user experience, but the JavaScript code in question is used only for debugging, troubleshooting and performance monitoring of that experience — like checking how quickly a page loads or whether it crashes.”
SOMI is currently investigating this case to assess the privacy and security risks of those tracking codes, and whether TikTok has violated the GDPR and the impact that it has on European citizens.
Click here for the full report
----------------------------------------
SOMI App: Data Request on behalf of minors
SOMI is committed to protecting the fundamental rights of consumers, not only adults, but also minors who use online services. Next week, we launch a new feature on SOMI app, in which parents can request personal data on behalf of their children or minors they represent.
Under the GDPR, processing of personal data of minor under the age of 16 is unlawful unless the consent is given or authorised by the legal representative of the minor. Children should be granted additional protection online because they are less aware of the risks and consequences of sharing data and of their rights.
More and more children are present in the digital world, especially on social media, online games, and streaming platforms. Concerns are growing as many tech companies see the opportunity to harvest personal data from children and expose them to advertisement.
SOMI believes it is necessary for parents or legal guardians to know which data has been collected on their children in order to take appropriate action to ensure that their rights has been protected and that children can use Internet safely.
----------------------------------------
Podcast
TikTok is ignoring all the rules
The 'TikTok Tapes' by Buzzfeed, show that the American branch of the platform has passed on data to the Chinese parent company. In 2020 Trump already threatened to ban TikTok for this reason and now it appears to be happening. What now? And are we on the same boat in Europe?
This podcast was broadcasted by BNR Digitaal (in Dutch) on June 22nd, 2022. Featuring Menno Weij, member of the Supervisory Board of SOMI.
----------------------------------------
About SOMI
The Foundation for Market Information Research (SOMI) is a non-profit organization set up to identify and influence issues of social importance.
SOMI is a recognized claims foundation in the field of privacy and data autonomy and is committed, among other things, to the protection of the fundamental rights of consumers and minors who use various online services. With the app that SOMI has developed, we want to restore ownership and control over personal data to all the people: All your data. all yours.
SOMI investigates abuses, informs the public and helps injured parties. SOMI does this by conducting collective proceedings and claiming compensation.
SOMI is currently investigating alleged GDPR violations by Facebook and TikTok.