NCDIT Logo

TikTok Risks, Restrictions & Guidance

Privacy, cybersecurity and data protection concerns about TikTok have led many federal and state government agencies in the United States to prohibit the app's use on government-issued devices.

Author: Cherie Givens, Chief Privacy Officer

What Is it?

TikTok is a social media app, owned by Chinese company ByteDance, that hosts user-submitted videos. The app allows users to create, watch and share short videos online. It has grown in popularity since its launch in 2016. People across several countries, including the United States, use the app.

How Does It Work?

Users can sign up for a TikTok account using their email address, phone number or through a social media account like Facebook. Once a user has logged in, they can search for videos across different categories, and users can share their connections’ information to find them on TikTok.

TikToK’s popularity stems from its use of artificial intelligence to customize the experience with curated recommendations and the user’s ability to create and watch videos. 

Privacy, Cybersecurity and Data Protection Concerns

Data Collection

TikTok collects information about users and the videos they watch, including how long users watch and the contents of the videos. Information is also captured about the user’s location, internet address and the type of device used to view the videos. Additional data can be shared with the app including the user’s phone contacts and social network connections. Age, phone number, and payment information may also be collected. 

Unauthorized Access and Surveillance

TikTok has come under fire for “operat[ing] as a sophisticated surveillance tool,” according to Brendan Carr, Commissioner of the Federal Communications Commission.1 In December 2022, it was confirmed that ByteDance, TikTok’s parent company, used the app to spy on two journalists who covered the company. 

ByteDance employees tracked journalists, improperly gaining access to their IP addresses and user data as the company attempted to find the source of company leaks. ByteDance’s internal investigation validated concerns about TikTok’s privacy and security. 

Although the company took responsibility for tracking journalists and has been working to improve security, trust confidence in the U.S. has decreased.

Emily Baker-White, a Forbes journalist who reported that she listened to hours of internal audio from ByteDance, has warned that even though TikTok user data from the United States was stored in the U.S., “there was a lot of access to [U.S.] user data by China-based employees and that access continued into 2022” and has not been fully severed to her knowledge.2  The Forbes story caused concern among U.S. lawmakers. Research by journalists showed an overlap of employees working at TikTok who worked at Chinese State Media adding to concerns. 

History of Collecting Personal Information from Children

TikTok was fined by the Federal Trade Commission in 2019 for collecting personal information from children under the age of 13 in violation of the federal Children’s Online Privacy Protection Act. It paid a fine of more than $5 million and made changes to its app to include a restricted mode for younger users. 

Federal & State Restrictions on the Use on Government Devices

Concerns about how TikTok could exploit data led India to ban its use in 2020. The U.S. federal government has followed suit, restricting TikTok’s use on government-owned devices in several federal agencies, including the U.S. Department of Homeland Security and the U.S. Department of State. The U.S. House of Representatives restricted the use of TikTok on all House-managed devices ahead of an anticipated government-wide ban.

Similar restrictions in 19 states have been proposed, and on January 12, 2023, Governor Roy Cooper signed Executive Order 276 prohibiting the use of certain applications and websites, including TikTok, on state information technology.

On January 26, 2023, the secretary of the N.C. Department of Information Technology released a policy to provide further guidance on how to implement the executive order. The policy restricts the use of TikTok on state-owned devices due to privacy and cybersecurity concerns. 

Guidance: How Can We Protect Ourselves and Our Children When Using TikTok?

The easiest option is to delete the app from all your devices.

  • TikTok videos can be viewed online without an account. Videos can be viewed on YouTube, on TikTok.com using a browser, and through other sites that make TikTok content available. Accessing content outside of the app, in conjunction with other protective measures such as the use of virtual private network, can increase security. 
  • App-enhanced services, such as following creators, commenting and sharing content, are not possible. 
  • Several websites offer tips on how to search TikTok for specific content or content from specific creators from the web.

Those who continue to use the TikTok app should follow the tips below to increase their security and privacy:

  • Read TikTok’s privacy policy to understand the app’s data collection, retention, and security, as well as your rights.
  • Understand that TikTok may collect information from and about you, including information that you provide, information from other sources, and TikTok may automatically collected information including information about your device (as per their privacy policy)
  • Limit the information you share with the app. 
    • Do not share friends or connections’ information. This protects your privacy and the privacy of your connections.
    • Avoid messaging in the app.
  • Adjust your privacy settings to limit the ability to link to other social media accounts.
  • Do not use TikTok on devices containing sensitive information. This includes work devices and personal devices.
  • Understand that TikTok employs measures that may allow for the fingerprinting of your devices, giving them the ability to understand the specifications of your device even when you are not logged in.3
  • Understand that today’s relationships between the technology and geopolitical tensions mean that there can be potential risks related to government surveillance associated with the use of certain technology.
  • Consider limiting the sensitive information you share in TikTok videos.  This includes information displayed on computers in the background, posted on walls, papers, etc. Your precise location information, family information, items of value, etc., should also be limited.

Those who have children and teens using the TikTok app should follow these tips:

  • Check the profile and settings information to ensure that your children have signed up using their true age and that the app does not have access to their contacts and payment information.
  • Check to make sure their profile is private.
  • Consider implementing TikTok’s Digital Wellbeing in the app’s settings to: 
    • Limit the amount of time spent on the app. 
    • Restrict access to certain types of content.
    • Implement Family Pairing, which allows parents to link their accounts to their teen’s account to set parental controls (including restricting content, comments and access to certain types of content).

See Common Sense Media’s guide to TikTok for more guidance. 

Citations

1 Singh, Manish. January 2, 2023. “India set an ‘incredibly important precedent’ by banning TikTok, FCC Commissioner says,” TechCrunch.

2 Baker-White, Emily. December 22, 2022. “Exclusive: TikTok Spied on Forbes Journalists,” Forbes.

3 Fowler, Geoffrey, July 13, 2020. “Is it time to delete TikTok? A guide to the rumors and the real privacy risks,” Consumer Tech. The Washington Post.

Related Topics: