Social media giants such as Facebook and Google are tracking machines, just like most big tech corporations. However, they have recently started to present themselves as the new defenders of privacy by updating their privacy policies and giving the users slightly more control over what is being collected. While this can be considered as a mere marketing measure as Facebook and Google still base their business model on tracking users to create profiles for optimized advertisements, TikTok is collecting even more data.
The Chinese social media giant TikTok is collecting as much data as possible from their users - whether TikTok needs the data to provides its service or not.
TikTok does not even hide what it is doing. In its privacy policy, it states the vast amount of data that it collects from its users - much more data than TikTok would need to provide the service, even more data it would need to show targeted advertisements:
"We automatically collect certain information from you when you use the Platform [TikTok], including internet or other network activity information such as your IP address, geolocation-related data, unique device identifiers, browsing and search history (including content you have viewed in the Platform), and Cookies."
While other services like WhatsApp are now encrypting private messages, TikTok does the opposite. It even states that it scans and analyzes the messages in its privacy policy:
"We collect and process, which includes scanning and analyzing, information you provide in the context of composing, sending, or receiving messages through the Platform’s messaging functionality. That information includes the content of the message and information about when the message has been sent, received and/or read, as well as the participants of the communication."
TikTok collects a massive amount of data, maybe even more than Facebook, Google, and Twitter. The real novelty of TikTok, however, is that it is based in China, owned by a Chinese company, with close ties to the Chinese government.
Thus, all data available to TikTok is also available to the Chinese government. Since there are no legal limitations in China on what data the Chinese government can request from TikTok, literally everything is available to the authorities.
For that reason, President Trump has now issued an Executive Order that will ban transactions between US entities and the parent company of TikTok. It is not yet clear to what extend this ban will limit US citizens from using TikTok.
For instance, people who have already installed the app, will be able to keep using it. However, it is expected that US companies, such as Google and Apple, will stop offering the apps in their respective app stores.
Another option is also being discussed, one that is favored by US President Trump: TikTok could be sold to a US company, for instance Microsoft or Twitter.
The message of this option is clear: Surveillance via social media giants is okay, but not when the surveillance is being done by China. This chain of thought is completely understandable given that mass surveillance via social media services such as TikTok enables the Chinese government to eavesdrop on US government employees or collect data for industrial espionage.
However, if TikTok is going to be allowed to continue to operate under American ownership, one major problem remains: surveillance. While concerns about data privacy issues in regards to China will be eliminated, the data will still be there - not available to Chinese, but to US authorities.
Social media platforms are surveillance machines. Whether its Facebook, Google, Twitter or TikTok. Even if the amount of data differs, the problem is that the data is there and that the authorities have the capability to ask for this data.
The Intercept concludes on this issue that: "The BlueLeaks documents highlight that without more restrictions in the United States on what companies can collect and hand over to investigators, there’s reason to worry about any social media platform, American or Chinese."
Instead of activism against individual companies, the US needs a strategy for data protection to define "how all companies treat our data" says cybersecurity expert Melissa Hathaway to the German tech news site Heise.
According to Hathaway, this would involve addressing fundamental regulatory issues, such as the transparency of the extent and nature of data collection, storage and transfer, as well as questions about the purpose of use, necessary consents and access rights of law enforcement officers.
"Doesn't that sound a bit like the General Data Protection Regulation?" the site then asks.
"Yes, exactly," Hathaway answers, underlining that California's consumer data protection law is even stricter than the European GDPR in certain aspects.
At the moment, however, it does not look like the US government would introduce a data protection regulation nationwide. The only thing that users can do to protect their data is quit TikTok. And while you are at it, best quit Facebook and Google as well.