In the last few years, politicians and security professionals alike have shared their thoughts about potential privacy issues related to TikTok and its parent company ByteDance, which is headquartered in Beijing. Chinese-based companies are required to share information with the government, should they come knocking, so it's understandable when people raise questions about the data that TikTok collects.
"Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognized under the GDPR [the EU's general data protection regulation], we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data."
This new policy should help clarify how many employees have this level of access and exactly what information from TikTok users is being observed.
Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems, shared his thoughts on the new policy:
A lot of the parents, like myself, would be comforted to see more ongoing and somewhat radical transparency from tech companies like TikTok with details on the number of employees with this level of access, and how much information from how many TikTok users were viewed in accordance with the different lawful uses outlined in the policy.
It is only with modern data security practices that monitor actual operations in accordance with their privacy against personal information that TikTok will be able to provide sufficient transparency like this to privacy regulators, users, and governments that they are truly privacy conscious."
While this will almost certainly not be the last we hear of TikTok's privacy policies, it is good that the company is at least trying to be more transparent about the data it collects. What are your thoughts on this policy?
Follow SecureWorld News for more stories related to cybersecurity.