Major TikTok Security and Privacy Changes in the Last Week

Hot on the heels of the FCC Commissioner asking platforms to remove TikTok, the company announced a major security-related position shift. The current head of global security, Roland Cloutier, is stepping down effective September 2. Kim Albarella will temporarily replace Cloutier as the interim head of global security.

TikTok also announced it would pause a controversial privacy policy update in Europe which was due to launch last week. After the update, TikTok would have stopped asking users for their consent to run personalized ads on the app. However, multiple European watchdogs got involved, and Italy even sent TikTok a formal warning last week, causing the company to pause and reevaluate its plan.

Two significant privacy-related changes in one week could point to internal instability in the company. Given the recent international backlash over TikTok’s invasive data collection practices, the app may be scrambling to protect its public image.

TikTok’s Head of Global Security Steps Down

In its announcement, TikTok states Cloutier will move into an advisory role to “focus on the business impact of security and trust programs.” Interestingly, Cloutier also mentions the company’s recent announcement about data management changes in the US, which refers to TikTok migrating its US user-generated data to Oracle’s servers.

The announcement also mentions some highlights of Cloutier’s 2-year tenure, including minimizing employee access to user data and data transfers across regions. This comes despite proof in a Buzzfeed News report showing Bytedance (TikTok’s parent company) employees and Chinese officials have unfettered access to TikTok users’ data. The announcement doesn’t address those issues.

TikTok didn’t respond to the Buzzfeed News report in this announcement but did try to provide some context in a letter responding to US officials’ calls for clarity. The company said its China-based employees can access user data “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team.”

The letter also mentioned that the company is working on a security initiative called “Project Texas,” which aims to improve the app’s security for US-based customers. According to the letter, Project Texas will “make substantive progress toward compliance with the final agreement with the U.S. government that will fully safeguard user data and U.S. national security interests.”

The popular app isn’t just facing troubles stateside either. European regulators did not respond positively to TikTok’s plan to alter its privacy agreement for the European market. 

New TikTok Update Paused After Backlash

The Irish Data Protection Commission (DPC), TikTok’s lead EU privacy regulator for the GDPR, opened two probes into the company after it announced a controversial new privacy update. That, coupled with a warning from the Italian data protection watchdog Altolà, made the company pause a planned privacy policy update.

These responses address a post in which TikTok disclosed incoming changes to its T&Cs for the EU, UK, and Switzerland. One of these changes aims to use a legal basis to alter its privacy policy, so it no longer needs consent from users to serve them personalized ads. TikTok legally based this change on what is called ‘the legitimate interests’ exception in the GDPR. 

The ‘legitimate interests’ clause allows companies to collect user data without consent if the legitimate interests of the organization or another person outweigh any adverse effect on the person whose data it collects.

In its public warning to TikTok, Altolà mentions that the company has an inadequate legal basis for its legitimate interests exception and that this could negatively affect minors, especially since the app has a history of failing to adequately identify minors on its platform.

The Italian authority also said it started investigating the planned privacy policy revision when TikTok announced it. According to the watchdog, TikTok’s planned change is incompatible with the EU’s GDPR directive and with Italy’s local data protection law. That means, in Italy at least, TikTok’s planned change has little to no chance of succeeding even after the DPC’s investigations are finished.

The DPC already has two open GDPR investigations centered on TikTok’s platform, including how it processes children’s data. These investigations launched in September 2021 and are still ongoing. Building on that, it could take a while before the DPC finishes its latest inquiry into the company’s practices.

Corporations’ Data Gathering Practices are Getting More Aggressive

TikTok isn’t the only data-hungry organization out there, even though its concerning practices are currently making headlines. Other platforms like Meta and Instagram, Amazon, Alphabet Inc, and YouTube have also been under scrutiny for their invasive data practices for years. Many popular services, including period tracking apps, employ extremely invasive data tracking methods.

Interventions like the GDPR and other data protection laws do provide a buffer, but companies are constantly looking for ways to circumvent these restrictions. That seems to be the case with TikTok as well, seeing as the company is trying to find a loophole for data gathering through the legitimate interests clause.

If you’re concerned about your privacy on the app, you can delete your TikTok account to prevent it from gathering more of your data. You can also change your privacy settings on other platforms to help improve your digital privacy, although you can’t stop data gathering entirely. If you’re concerned about any app activities, report them to your local watchdog authorities.

You can also install CyberGhost VPN to help encrypt your connection and gain better privacy and security online. Consider switching to a private browser and encrypted messaging app as well.
