Hot on the heels of the FCC Commissioner asking platforms to remove TikTok, the company announced a major security-related position shift. The current head of global security, Roland Cloutier, is stepping down effective September 2. Kim Albarella will temporarily replace Cloutier as the interim head of global security.
Two significant privacy-related changes in one week could point to internal instability in the company. Given the recent international backlash over TikTok’s invasive data collection practices, the app may be scrambling to protect its public image.
TikTok’s Head of Global Security Steps Down
In its announcement, TikTok states Cloutier will move into an advisory role to “focus on the business impact of security and trust programs.” Interestingly, Cloutier also mentions the company’s recent announcement about data management changes in the US, which refers to TikTok migrating its US user-generated data to Oracle’s servers.
The announcement also mentions some highlights accomplished during Cloutier’s 2-year tenure. It includes minimizing employee access to user data and data transfers across regions. This comes despite proof in a Buzzfeed News report showing Bytedance (TikTok’s parent company) employees and Chinese officials have unfettered access to TikTok users’ data. The announcement doesn’t address those issues.
TikTok didn’t respond to the Buzzfeed News report in this announcement but did try to provide some context in a letter responding to US officials’ calls for clarity. The company said its China-based employees can access user data “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team.”
The letter also mentioned that the company is working on a security initiative called “Project Texas,” which aims to improve the app’s security for US-based customers. According to the letter, Project Texas will “make substantive progress toward compliance with the final agreement with the U.S. government that will fully safeguard user data and U.S. national security interests.”
The popular app isn’t just facing troubles stateside either. European regulators did not respond positively to TikTok’s plan to alter its privacy agreement for the European market.
New TikTok Update Paused After Backlash
The ‘legitimate interests’ clause allows companies to collect user data without consent if the legitimate interests of the organization or another person outweigh any adverse effect on the person whose data it collects.
In its public warning to TikTok, Altolà mentions that the company has an inadequate legal basis for their legitimate interests exception and that this could negatively affect minors. Especially since the app has a history of failing to adequately identify minors on its platform.
The DPC already has two open GDPR investigations centered on TikTok’s platform, including how it processes children’s data. These investigations launched in September 2021 and are still ongoing. Building on that, it could take a while before the DPC finishes its latest inquiry into the company’s practices.
Corporations’ Data Gathering Practices are Getting More Aggressive
TikTok isn’t the only data-hungry organization out there, even though its concerning practices are currently making headlines. Other platforms like Meta and Instagram, Amazon, Alphabet Inc, and YouTube have also been under scrutiny for their invasive data practices for years. Many popular services, including period tracking apps, employ extremely invasive data tracking methods.
Interventions like the GDPR and other data protection laws do provide a buffer, but companies are constantly looking for ways to circumvent these restrictions. That seems to be the case with TikTok as well, seeing as the company is trying to find a loophole for data gathering through the legitimate interests clause.
If you’re concerned about your privacy on the app, you can delete your TikTok account to prevent it from gathering more of your data. You can also change your privacy settings on other platforms to help improve your digital privacy, although you can’t stop data gathering entirely. If you’re concerned about any app activities, report them to your local watchdog authorities.