tiktok fine data protection

How TikTok is Evolving in the Context of Privacy 

11 November 2020 

Whether for its viral dances, cute kitten clips or the attention it garnered from Donald Trump, you have probably heard of the video mobile application TikTok.

Created by the company ByteDance, when Douyin (the Chinese precursor to the globally available TikTok) launched in September 2016 it was clear that the easy-to-use video creator was going to be a hit. Its worldwide release came in May 2017 and since then its popularity has continued to soar. As of October 2020, TikTok is available in over 150 countries and has over 1 billion users.

But success comes with its own pitfalls. When a business quickly expands and suddenly operates in a multitude of jurisdictions, it can be difficult to ensure that the different legal requirements have been clearly met ahead of the service or product gaining traction within a country. Amid a swathe of privacy law changes, the Chinese originated TikTok found itself under the scrutiny of foreign policy makers.

The concern was that its parent company ByteDance could be mandated by the Chinese state to disclose personal data about its users, the majority of whom are non-Chinese citizens. Most privacy laws have a caveat which allows the state to access information in specified circumstances. However, in a politically fraught summer where there was international condemnation of the Chinese state approach to Hong Kong protests – there was pressure to ensure domestic nationals were adequately protected. Not least because TikTok is so popular with younger users.

India outright alleges that the Chinese state is unlawfully using its users’ data and the application is currently banned in the country (although a similar ban was lifted and there are predictions that this too will be short-lived). Tensions reached boiling points in America when Donald Trump signed one executive order banning US transactions with ByteDance and another requiring ByteDance to sell its US operations by 12 November 2020. TikTok Global (as a subsidiary of ByteDance) was left between a rock and a hard place. Of course with recent elections, it’s yet to be seen whether the US position will soften, but the point remains: TikTok is centre stage, and facing scrutiny.

TikTok Global is currently in negotiations with Oracle and Walmart** to try and resolve the concerns, but there is no clear resolution in sight. The proposed deal would grant Oracle 12.5% and Walmart 7.2% shares in TikTok Global, the other 80% remaining with ByteDance as the parent company.

If successful, Oracle would become TikTok Global’s technology provider, responsible for hosting all US user data and securing associated computer systems. The US Secretary of State, Mike Pompeo, asserts that ByteDance would be a passive shareholder and the deal would see American citizens’ data safe from the risk it could be accessed by the Chinese state. Interestingly, the editor-in-chief of the Global Times (a tabloid backed by China’s Communist Party) tweeted that Beijing were not set to approve the agreement on the basis it would endanger the country’s national security, interests and dignity.

Closer to home, TikTok is putting the work in to allay security fears. In June 2020, TikTok Technology Limited (TikTok Ireland) launched a new data centre in Ireland for hosting European users’ data. It last updated its privacy policy just in July 2020, with published guidance for parents of TikTok users and additional information on how to change privacy settings. As a group of technology nerds who write a lot of this type of stuff – we know the graft that will have gone in behind the scenes to get it all done.

It demonstrates the pressure that different legal frameworks can have: TikTok is grappling with legal proceedings to contest bans; trying to secure a deal whilst being scrutinised by the American and Chinese government and draft all the policies it needs to meet its transparency requirements under European law.

Remember that regardless of the stage of your business (start-up, scale-up or household name), your business needs to be able to adapt to new compliance requirements or risk drawing the ire of potential investors or local regulators. With the proposed Online Harms bill an obvious example, it continues to be the case that businesses need to scan the legal horizon to ensure they’re ready for any proposed changes. If you’d like any help keeping in the loop with legislation that might impact your business, we’re here for you – just get in touch.

** This article was published on the 11 November 2020, with a number of updates having taken place since. Perhaps the most noteworthy of these is the indefinite shelving of the Oracle and Walmart TikTok deal mentioned in this piece. Since this article’s publication, the Biden-Harris administration have begun a review into the previous administration’s efforts to clamp down on potential security risks related to Chinese ventures, and as a result, the deal looks set to remain on hold for the foreseeable future.

For more on the pulse legal insights, you can sign up to our newsletter here.

Other Insights