Documents from the company’s internal meetings reveal that the Chinese application is less rigorous than it claims with the personal data of its Western users.
The TikTok application was in turmoil since the discovery of 80 audio recordings recorded during internal exchanges, and analyzed by the American site Buzzfeed.
These documents revealed that application engineers, based in China, had access to the personal data of American users. The mentioned hearings last from September 2021 to January 2022. In his official speeches, however, the application claims that this is not the case.
• What is TikTok?
TikTok is a social network belonging to the Chinese company Bytedance. Launched in 2016, it took the form of an app dedicated to music and dance. Now TikTok is primarily a video application, which lasts from a few seconds to ten minutes.
The special feature of the social network is the connection of videos in an infinite way, through an efficient and dynamic algorithm. In the summer of 2021, TikTok crossed the milestone of one billion active monthly users. Thanks to its particularly addictive functioning, TikTok is the social network where users spend the most time.
• What personal information does TikTok collect?
Like most social networks, TikTok collects data about its users. This information is intended to feed sponsored content, on which the economic model of the application is based. This information includes basic information, such as the identifier, email address, or age of the user, that is valuable for spreading targeted advertising.
Like Facebook or Google, TikTok also has a tool available to millions of websites to track all the pages its users visit, for example to better understand their tastes and habits. This information is again necessary to offer tailor-made advertising.
According to internal documents mentioned by Buzzfeed, Chinese TikTok engineers could have access to other elements, such as comments written below the video, videos they like or accounts tracked by each user.
• Where does TikTok claim to store this data?
Ever since it gained great international popularity, TikTok has always shown its credentials to the personal data police, claiming that the data of its users do not pass to China in any way, and that they are stored in the United States and Singapore.
The app continued to face threats of blocking by former US President Donald Trump, but that didn’t materialize. The risk of sanctions has finally been buried by incumbent President Joe Biden.
As for European users, TikTok promised in 2020 to create a dedicated server in Ireland. If this promise has remained ineffective since then, the application recently reaffirmed, in April, its desire to set up these servers. Meanwhile, data on European users is stored in the United States and Singapore.
BFMTV asked TikTok to find out the list of locations where data on French users are stored and to find out whether the company is committed to ensuring that data relating to French users is not accessed from China. The company has not yet responded.
• What do TikTok internal touches reveal?
The audio documents contain 14 claims, made by nine different TikTok employees, indicating that engineers in China had access to the personal data of American users “at least” between September 2021 and January 2022, according to Buzzfeed.
In particular, we learn that certain information is not stored, as announced, on the American servers of Oracle (storage partner of TikTok), but on other servers belonging to TikTok, in the state of Virginia. If this data is geographically located in the United States, the fact that the servers belong to TikTok leaves the company under control.
“Physical location doesn’t matter if the data can still be seen in China,” Adam Segal, director of digital and cyberspace at the U.S. Council on Foreign Relations, told Buzzfeed.
Moreover, the statements revealed in the internal documents are quite explicit. “Everything can be seen in China,” a member of the TikTok Trust and Security Committee said during a meeting in September 2021.
“Despite the testimony of the company’s CEO under oath, given in October 2021, that the ‘world-renowned US security team’ will decide who has access to the data, nine claims by eight employees describe situations in which US employees had to look for their counterparts in China to understand how American data was handled, ”Buzzfeed said.
• What is the risk for users?
The main criticism of the application is its closeness – which has always been rejected – with the Communist Party of China. The transfer of personal data of Western users to the Chinese authorities, of course, indicates the possibility of espionage.
As a reminder, the main Chinese companies related to new technologies are grouped together in a federation, which means full support for the existing power.