TikTok's GDPR compliance is under investigation for allegations of data misuse
TikTok does not fulfill its obligation to protect children who use its services and is likely to collect and distribute juvenile personal data to unknown third parties, some of them in China, in violation of the General Data Protection Regulation (GDPR).
This article was published on Tmarket.ge in Greece on July 29th, 2020. Please find the English translation below.
This is according to the Amsterdam-based Foundation for Market Information Research (Stichting Onderzoek Marktinformatie, or SOMI), a non-profit organization that advocates for data privacy and consumer issues in the Netherlands and throughout Europe.
SOMI urges concerned parents from anywhere in the world to contact them through the website and sign up for a small fee as they collect information in the face of a possible collective complaint from the Chinese-owned social media platform.
"Europe has created the GDPR to allow consumers to control their personal data and protect minors in the digital world," said Cor Wijvliet, co-founder of SOMI. "TikTok has consistently violated similar standards in EU countries, several times."
"This is a major cause for concern; not only because it happens without the consent of the customer or without their knowledge, but especially because the company is known to have committed such crimes in the past," he said. "Children are insufficiently protected from unwanted contacts via the Internet. So we decided to take a stand.
"The first step is thorough research. Only then can we create a potentially successful claim. To do this, we now collect user data and survey findings. However, the goal of our public action is not so much to obtain monetary compensation; This is just a cherry on a cake. Our main goal is to make sure that children are well protected online and that individual users are not powerless against popular software developers. Together, we are stronger and the claim is stronger. ”
SOMI's main complaint is that TikTok warned last year that children do not have adequate protection against online contact with adults they are not aware of and that parental supervision of the service may be "completely inadequate".
It is said that TikTok allows minors to create a user account from the age of 13, which for one thing is easily overdone by the age of 13, and because most in Europe are under the age of 13, it, therefore, requires permission to process custody data; That TikTok handles more sensitive data such as device information, location, and user activity, even if inactive; That TikTok does not have transparency around information, communication and rules for entities to exercise their data rights and what data it gives third parties access to, and how and what they have with them; And that TikTok's design and default settings fail to provide guaranteed data protection under the GDPR.
SOMI also believes that TikTok has not taken the appropriate technical and organizational measures to ensure that its application complies with the GDPR and that it is likely to transmit data outside the EU - citing a June 2020 study by security firm Penetrum that Claiming that almost 40% of the IP addresses used by TikTok are from China and may be linked to Alibaba, again a violation of the GDPR, as China is not considered a safe third country by regulation.
" We are in compliance with existing laws and regulations on data protection very seriously, GDPR- including our user data currently stored in the US and Singapore, and we also announced our intention to establish a European database in Ireland. TikTok is not available in China and we have never provided data to the Chinese government, nor will we do so. ”