A new TikTok privacy policy confirms that employees located outside of Europe, including those in China, can access European users' data, at a time when the short-form video sharing app has been scrutinized over regulatory concerns about China's access to user information, according to The Guardian.
In the last few years, politicians and security professionals alike have shared their thoughts about potential privacy issues related to TikTok and its parent company ByteDance, which is headquartered in Beijing. Chinese-based companies are required to share information with the government, should they come knocking, so it's understandable when people raise questions about the data that TikTok collects.
Though it appears this new TikTok privacy policy is actually aiming to be more transparent about the data it collects, rather than hiding that information as a lot of other tech companies do. Elaine Fox, TikTok's Head of Privacy in Europe, discusses:
"Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognized under the GDPR [the EU's general data protection regulation], we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data."
This new policy should help clarify how many employees have this level of access and exactly what information from TikTok users is being observed.
The privacy policy update applies to users located in the U.K., the European Economic Area (EEA), and Switzerland, and goes into effect on December 2, 2022.
Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems, shared his thoughts on the new policy:
"The changes to their privacy policy by TikTok to reflect their actual engineering and fraudulent account practices should be commended; although will generate alarm bells primarily to the geographic spread of their employees with this level of access.
A lot of the parents, like myself, would be comforted to see more ongoing and somewhat radical transparency from tech companies like TikTok with details on the number of employees with this level of access, and how much information from how many TikTok users were viewed in accordance with the different lawful uses outlined in the policy.
It is only with modern data security practices that monitor actual operations in accordance with their privacy against personal information that TikTok will be able to provide sufficient transparency like this to privacy regulators, users, and governments that they are truly privacy conscious."
While this will almost certainly not be the last we hear of TikTok's privacy policies, it is good that the company is at least trying to be more transparent about the data it collects. What are your thoughts on this policy?
Follow SecureWorld News for more stories related to cybersecurity.
