Over 150 million people in Europe are using TikTok. The app has gained significant popularity due to its successful algorithmic practices and its addicting digital infrastructure which encourages endless scrolling for entertainment. Yet recently, it has received criticism about privacy concerns over the collection of sensitive information which could be obtained by the Chinese government through ByteDance - the company that owns the video-sharing platform (Holpuch & Maheshwari, 2023). In particular, officials from the European Union introduced a ban on the app from all of the work technology of its representatives. Previous concerns about TikTok have been amplifying political worries in the West, yet as of now, TikTok has only been deleted from the technology of employees of the European Union institutions.  This means it is still active on the phones of millions of people on the continent. Should ordinary users be concerned about their privacy? Most importantly, how is TikTok different from other content-streaming platforms in facilitating personal information? 

Governments have been working towards fulfilling both rightful data processing for users and data requirements by tech companies by issuing regulations such as the GDPR. While the regulation has brought improvement to the protection of privacy online (Zaeem & Barber, 2020), it has only regulated extreme data collection, not forbidding it, and as a result, tech companies are still feeding on our digital practices. Ben Hayes has explored this practice under the surveillance-industrial complex (2012), suggesting that governmental relationships with surveillance agencies and the technological private sector have complicated practices of security, transforming it into surveillance (Hayes, 2012). In the battle between TikTok and the West, the surveillance-industrial complex will serve as a framework for explaining that data collection and surveillance can strengthen and weaken political power. Furthermore, to understand whether only TikTok has been overreaching in its digital supervision, I will be comparing the privacy policy of the video-streaming platform against Meta’s. Based on this analysis, I will present how the surveillance-industrial complex brings complications to personal privacy, benefits to technological companies, and something in between to politics.

The ban on TikTok

Cybersecurity concerns have been ongoing due to multiple occasions in which the video-sharing app has brought controversy through its data-collecting practices. BuzzFeed (2022) and Forbes (2022) revealed that ByteDance employees, as well as TikTok employees, have previously accessed non-public personal information about certain individuals on the app - in particular, journalists who have worked on cases about the parent company ByteDance (Baker, 2022). Most importantly, in the report by Buzzfeed, an audio recording reveals a statement of an employee of TikTok’s Trust and Safety department stating that Everything is seen in China (Baker, 2022). This quote closely illustrates some of the surveillance practices of the Chinese government (Liboreiro, 2023). In fact, in 2017, the government adopted an  Intelligence Law requiring all citizens and companies to assist in protecting the country's interest by providing data if needed (Liboreiro, 2023). As a result, ByteDance may be obligated to collect and hand over the personal data of TikTok’s users even though that data is collected from other countries (Liboreiro, 2023). Concentrating on TikTok’s influence in Europe, the social media application has been previously fined by the Dutch Data Protection Authority for violating children’s privacy. These past issues suggest that the privacy-regulating institutions of the West have been wary of the app’s practices.

In February of 2023, the main powerhouses of the European Union - the Parliament, the Council, and the Commission restricted their representatives from having the social media application on their work electronics or any other technology that holds official information (Goujard, 2023). One could suggest that the reasons political figures were using the video app in the first place were because of their effort to appeal to the younger generation. However, other social media platforms like Facebook and Instagram are still being used by people in politics despite their share of controversy regarding digital surveillance. An article from the Washington Post reveals that "TikTok does not appear to take any more personal information than Facebook" (Fowler & Loeb, 2020), suggesting that most social networking platforms should be blacklisted for their data collection. As governments are fearful of hidden surveillance on TikTok, questions about the practices of other apps are yet to be considered. Moreover, if data collection is so problematic in the digital world, why are regulations issued only to restrict and not forbid it?

The Surveillance-Industrial Complex

The surveillance-industrial complex introduced by Ben Hayes (2012), focuses on the "relationship between the state and the private sector in developing and implementing surveillance systems for law enforcement and security purposes" (Hayes, 2012, p. 167). It is a framework that assesses the growth in power of technology companies that collect data, suggesting that it has brought both improvements and complications to the practices of governments that are simultaneously investing in technological power in exchange for protection,  while tech companies are working to dive deeper into personal data processing (Hayes, 2012, p. 167).  In addition, Hayes describes the surveillance-industrial complex as a "revolving door" between those responsible for our privacy and those actively trying to supply new methods of surveillance for protection(Hayes, 2012, p. 167). As a result, both legislators and corporate organizations can "exert influence on policy and practice when talking of technological supervision, a position that was previously only in the hands of lawmakers" (Hayes, 2012, p. 172). The scope of monitoring methods extends beyond solutions to state security, making social networking sites relevant to this theoretical foundation (Hayes, 2012, p.168), as they are the easiest source for mass data collection. 

In this way, the surveillance-industrial complex showcases that security becomes a complex idea leaning towards digital surveillance. Hayes (2012) mentions that these practices can threaten privacy as well as bring complications to governance. As a result, in the following paragraphs, the use of the surveillance-industrial complex will reveal that data processing, in the context of institutional security, delivers both reassuring and alarming results. 

Focus on privacy policy

As a guideline for my research, I made use of media articles discussing the ban of TikTok, as well as sources that explained the controversy around the platform. For the theoretical background, I focused on the work of Ben Hayes (2012) on the Surveillance-Industrical Complex included in Routledge’s Handbook of Surveillance Studies (2012).

To conduct my empirical research, I analyzed the privacy policy of TikTok in comparison to that of Meta’s Instagram and Facebook because of their greater popularity among social media users and their similarity in video streaming methods. Specifically, the privacy policy of Meta covers both Facebook and Instagram, therefore they are to be considered as having the same privacy regulations. As a user of all of the mentioned platforms, I accessed the privacy policies of each app through my account by looking for the Terms and Policies Section in Settings. After this,  I looked for the type of information that is collected from each user - personal & technical, the reasons why this data is necessary, and the future of this data collection - whether it is given to third parties, such as advertising companies, technological organizations, or governmental institutions. Through content analysis, I focused on the similarities and differences between the abovementioned categories of each privacy policy to determine if TikTok’s data processing practices are worse than those of Meta.

TikTok vs Meta

Types of Information collected 

In this part of both privacy policies, as seen in Figures 1 & 2, TikTok and Meta define personal information as "one that you provide". Firstly, the information that is collected is based on the characteristics of your profile such as picture, name, date of birth, etc. Secondly, the content that is made on the platform is also analyzed - defined as user activity. Further, both policies mention the collection of purchase history and contact information if permitted by the user. From the figures below, it is apparent that the types of information required by the companies are very similar. As a result, in this section, there is no significant difference in information collection.

Screenshot of Personal Information Section on TikTok's Privacy Policy

 

Screenshot of Personal Information Section on Meta's Privacy Policy

 

Moving forward, the second type of information provided by the user accessing these platforms is regarded as technical. As seen in Figures 3 & 4, both platforms collect data on approximate location (exact location if the user allows it), IP address, device model, operating system, and activity on the device (keystrokes, performance, preferences).  Mentioned further in the list, and not included in Figure 3, TikTok also collects metadata from your photos and videos which have been used to create content, or to which they have access, similar to the fifth point in Figure 4 of Meta’s policy.  Additionally, TikTok and Meta make use of information from other sources about their users mentioning advertising websites, payment providers, and other partners. From this we can see that both companies gain knowledge of our online and offline practices through other sources, being able to build on our technological identity. Therefore, the types of technical data collected from each platform are identical.

Reasons for collecting personal data

As identified in Figures 5 & 6, both privacy policies’ main reason for needing such data is to provide, personalize and improve your experience, focusing on the narrative that processing data is for the greater benefit of the user. Additionally, both TikTok and Meta justify data collection through assurance of safety and security. Other reasons include customization of advertisements and providing analytics, especially in the privacy policy of Meta, whose products are used as business tools. From the review of this section, it is apparent that the policies are very similar. 

Who has the information? 

In the final section of this analysis, both privacy policies insist that they do not sell the personal information of their users to other organizations but share it based on different reasons. In each privacy policy, all of the receivers of information are highlighted in Figures 7 & 8, including other social networks through which you can share the content of the platform, companies that deal with the storing of general data, and advertisers/creators who can asses their commercial development on the platform. After focusing on this section, it is clear that information is shared with identical types of organizations/groups, thus underlining the similarities between the two privacy policies. 

Security between East and West

Through this analysis, we are able to notice the alarming practice of excessive data collection. Moreover, we witness the similarities between the privacy regulations of three globally used social media platforms.  What we fail to witness is a technological reason why TikTok has been banned and other apps have not, leaving us to dive into the political concerns. Referring to Hayes’ surveillance-industrial complex (2012), it is apparent that worries about Chinese monitoring of EU representatives are based on the growing power of tech companies and their symbiotic relationship with governmental practices of surveillance.  

In the case of the TikTok ban, problems arise because of the autocratic leadership of the Chinese government, and most specifically its Intelligence Law, which demands companies assist with their users’ information to protect the interests of the country in times of need. While this obligation is hypothetical, Western politics cannot be certain of the destination of user data, therefore trying to impose their power by limiting the access of government representatives to the application. In this way, we witness the awareness of legislative bodies about problematic data collection - the West does not want to provide information to the East and vice versa. This is the essence of the surveillance-industrial complex, as it showcases that governments can potentially make use of personal data to monitor and reinforce their power and, in extreme cases, be insightful about the population of foreign power structures (Hayes, 2012). On the other hand, governments can also be harmed because of their implementation of surveillance by allowing external observation of foreign social media networks. In this context, the relationship between the private sector and the government becomes problematic since the responsibility for the privacy of users and countries together is simultaneously in the hands of tech companies and lawmakers (Hayes, 2012).  As a result, the proactive practices of dataveillance and the support of overreaching ways of data processing bring benefits to companies, such as Meta and TikTok which may not sell or share information with governments but by having it, could intensify advertising efforts, profit, and push further into the private lives of users. 

Final thoughts on TikTok restrictions 

In conclusion, social networking sites are guilty of requiring and storing excessive amounts of information, with TikTok being one certain example. However, based on this article,  it is certain that Meta’s products are not behind in data collection, they are also supporting the practice of extreme data processing. 

While the EU has regulated social media platforms by implementing laws like the GDPR, it seems that governmental efforts to ensure security explained through the surveillance-industrial complex (Hayes, 2012), show how stronger limitations of data monitoring are only considered when federal cybersecurity could be harmed. Thus,  major restrictive practices are introduced based on political interests instead of social protection. At the same time, the surveillance-industrial complex shows how insufficient restrictions could also reduce representative power by allowing tech companies to keep detailed records of millions of people. It seems that ordinary users are the only real losers in the battle for security. Yet the surveillance-industrial complex (Hayes, 2012) showcases the need for further reflection on the problematic aspects of data collection, highlighting that serious governmental limitations are necessary for ordinary users and political figures alike. 

Still, that’s not the end of TikTok as officials have criticized the decision of the EU, wanting to use the video-sharing app through dummy phones, because "it is the best way to reach Gen Z voters" (Goujard, 2023). Parties from the European Parliament - The Left in the EP & European People’s Party have kept their profiles on TikTok, even after the ban was issued.  TikTok has also put in the effort to please the EU by launching Project Clover, a program that will hopefully strengthen cybersecurity, limit employee access to data, and localize the storage of information on the continent.

References

Baker, E. (2022, June 17). US TikTok User Data Has Been Repeatedly Accessed From China, Leaked Audio Shows. BuzzFeed News.

Baker, E. (2022, December 22). EXCLUSIVE: TikTok Spied On Forbes Journalists. Forbes.

Fowler, G. A., & Loeb, G. (2020, July 13). FAQ: Should you delete TikTok? Here’s everything you need to weigh the real privacy risks. The Washington Post.

Goujard, C. (2023, February 28). EU Parliament bans staff from using TikTok over 'cybersecurity concerns'. POLITICO.

Goujard, C. (2023, March 27). MEPs cling to TikTok for Gen Z votes. POLITICO.

Hayes, B. (2012). The Surveillance-Industrial Complex. In K. D. Haggerty, K. Ball, & D. Lyon (Eds.), Routledge Handbook of Surveillance Studies. Routledge.

Holpuch, A., & Maheshwari, S. (2023, May 23). Why Countries Are Trying to Ban TikTok. The New York Times.

Liboreiro, J. (2023, January 10). TikTok battles privacy concerns and espionage fears in Europe. Euronews.

Zaeem, R. N., & Barber, K. S. (2020). The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise. ACM Transactions on Management Information Systems, 12(1), 1-20.