Over 150 million people in Europe are using TikTok. The app has gained significant popularity due to its successful algorithmic practices and its addicting digital infrastructure which encourages endless scrolling for entertainment. Yet recently, it has received criticism about privacy concerns over the collection of sensitive information which could be obtained by the Chinese government through ByteDance - the company that owns the video-sharing platform (Holpuch & Maheshwari, 2023). In particular, officials from the European Union introduced a ban on the app from all of the work technology of its representatives. Previous concerns about TikTok have been amplifying political worries in the West, yet as of now, TikTok has only been deleted from the technology of employees of the European Union institutions. This means it is still active on the phones of millions of people on the continent. Should ordinary users be concerned about their privacy? Most importantly, how is TikTok different from other content-streaming platforms in facilitating personal information?
The ban on TikTok
Cybersecurity concerns have been ongoing due to multiple occasions in which the video-sharing app has brought controversy through its data-collecting practices. BuzzFeed (2022) and Forbes (2022) revealed that ByteDance employees, as well as TikTok employees, have previously accessed non-public personal information about certain individuals on the app - in particular, journalists who have worked on cases about the parent company ByteDance (Baker, 2022). Most importantly, in the report by Buzzfeed, an audio recording reveals a statement of an employee of TikTok’s Trust and Safety department stating that Everything is seen in China (Baker, 2022). This quote closely illustrates some of the surveillance practices of the Chinese government (Liboreiro, 2023). In fact, in 2017, the government adopted an Intelligence Law requiring all citizens and companies to assist in protecting the country's interest by providing data if needed (Liboreiro, 2023). As a result, ByteDance may be obligated to collect and hand over the personal data of TikTok’s users even though that data is collected from other countries (Liboreiro, 2023). Concentrating on TikTok’s influence in Europe, the social media application has been previously fined by the Dutch Data Protection Authority for violating children’s privacy. These past issues suggest that the privacy-regulating institutions of the West have been wary of the app’s practices.
In February of 2023, the main powerhouses of the European Union - the Parliament, the Council, and the Commission restricted their representatives from having the social media application on their work electronics or any other technology that holds official information (Goujard, 2023). One could suggest that the reasons political figures were using the video app in the first place were because of their effort to appeal to the younger generation. However, other social media platforms like Facebook and Instagram are still being used by people in politics despite their share of controversy regarding digital surveillance. An article from the Washington Post reveals that "TikTok does not appear to take any more personal information than Facebook" (Fowler & Loeb, 2020), suggesting that most social networking platforms should be blacklisted for their data collection. As governments are fearful of hidden surveillance on TikTok, questions about the practices of other apps are yet to be considered. Moreover, if data collection is so problematic in the digital world, why are regulations issued only to restrict and not forbid it?
The Surveillance-Industrial Complex
The surveillance-industrial complex introduced by Ben Hayes (2012), focuses on the "relationship between the state and the private sector in developing and implementing surveillance systems for law enforcement and security purposes" (Hayes, 2012, p. 167). It is a framework that assesses the growth in power of technology companies that collect data, suggesting that it has brought both improvements and complications to the practices of governments that are simultaneously investing in technological power in exchange for protection, while tech companies are working to dive deeper into personal data processing (Hayes, 2012, p. 167). In addition, Hayes describes the surveillance-industrial complex as a "revolving door" between those responsible for our privacy and those actively trying to supply new methods of surveillance for protection(Hayes, 2012, p. 167). As a result, both legislators and corporate organizations can "exert influence on policy and practice when talking of technological supervision, a position that was previously only in the hands of lawmakers" (Hayes, 2012, p. 172). The scope of monitoring methods extends beyond solutions to state security, making social networking sites relevant to this theoretical foundation (Hayes, 2012, p.168), as they are the easiest source for mass data collection.
In this way, the surveillance-industrial complex showcases that security becomes a complex idea leaning towards digital surveillance. Hayes (2012) mentions that these practices can threaten privacy as well as bring complications to governance. As a result, in the following paragraphs, the use of the surveillance-industrial complex will reveal that data processing, in the context of institutional security, delivers both reassuring and alarming results.
As a guideline for my research, I made use of media articles discussing the ban of TikTok, as well as sources that explained the controversy around the platform. For the theoretical background, I focused on the work of Ben Hayes (2012) on the Surveillance-Industrical Complex included in Routledge’s Handbook of Surveillance Studies (2012).
TikTok vs Meta
Types of Information collected
In this part of both privacy policies, as seen in Figures 1 & 2, TikTok and Meta define personal information as "one that you provide". Firstly, the information that is collected is based on the characteristics of your profile such as picture, name, date of birth, etc. Secondly, the content that is made on the platform is also analyzed - defined as user activity. Further, both policies mention the collection of purchase history and contact information if permitted by the user. From the figures below, it is apparent that the types of information required by the companies are very similar. As a result, in this section, there is no significant difference in information collection.
Moving forward, the second type of information provided by the user accessing these platforms is regarded as technical. As seen in Figures 3 & 4, both platforms collect data on approximate location (exact location if the user allows it), IP address, device model, operating system, and activity on the device (keystrokes, performance, preferences). Mentioned further in the list, and not included in Figure 3, TikTok also collects metadata from your photos and videos which have been used to create content, or to which they have access, similar to the fifth point in Figure 4 of Meta’s policy. Additionally, TikTok and Meta make use of information from other sources about their users mentioning advertising websites, payment providers, and other partners. From this we can see that both companies gain knowledge of our online and offline practices through other sources, being able to build on our technological identity. Therefore, the types of technical data collected from each platform are identical.
Reasons for collecting personal data
Who has the information?
Security between East and West
Through this analysis, we are able to notice the alarming practice of excessive data collection. Moreover, we witness the similarities between the privacy regulations of three globally used social media platforms. What we fail to witness is a technological reason why TikTok has been banned and other apps have not, leaving us to dive into the political concerns. Referring to Hayes’ surveillance-industrial complex (2012), it is apparent that worries about Chinese monitoring of EU representatives are based on the growing power of tech companies and their symbiotic relationship with governmental practices of surveillance.
In the case of the TikTok ban, problems arise because of the autocratic leadership of the Chinese government, and most specifically its Intelligence Law, which demands companies assist with their users’ information to protect the interests of the country in times of need. While this obligation is hypothetical, Western politics cannot be certain of the destination of user data, therefore trying to impose their power by limiting the access of government representatives to the application. In this way, we witness the awareness of legislative bodies about problematic data collection - the West does not want to provide information to the East and vice versa. This is the essence of the surveillance-industrial complex, as it showcases that governments can potentially make use of personal data to monitor and reinforce their power and, in extreme cases, be insightful about the population of foreign power structures (Hayes, 2012). On the other hand, governments can also be harmed because of their implementation of surveillance by allowing external observation of foreign social media networks. In this context, the relationship between the private sector and the government becomes problematic since the responsibility for the privacy of users and countries together is simultaneously in the hands of tech companies and lawmakers (Hayes, 2012). As a result, the proactive practices of dataveillance and the support of overreaching ways of data processing bring benefits to companies, such as Meta and TikTok which may not sell or share information with governments but by having it, could intensify advertising efforts, profit, and push further into the private lives of users.
Final thoughts on TikTok restrictions
In conclusion, social networking sites are guilty of requiring and storing excessive amounts of information, with TikTok being one certain example. However, based on this article, it is certain that Meta’s products are not behind in data collection, they are also supporting the practice of extreme data processing.
While the EU has regulated social media platforms by implementing laws like the GDPR, it seems that governmental efforts to ensure security explained through the surveillance-industrial complex (Hayes, 2012), show how stronger limitations of data monitoring are only considered when federal cybersecurity could be harmed. Thus, major restrictive practices are introduced based on political interests instead of social protection. At the same time, the surveillance-industrial complex shows how insufficient restrictions could also reduce representative power by allowing tech companies to keep detailed records of millions of people. It seems that ordinary users are the only real losers in the battle for security. Yet the surveillance-industrial complex (Hayes, 2012) showcases the need for further reflection on the problematic aspects of data collection, highlighting that serious governmental limitations are necessary for ordinary users and political figures alike.
Still, that’s not the end of TikTok as officials have criticized the decision of the EU, wanting to use the video-sharing app through dummy phones, because "it is the best way to reach Gen Z voters" (Goujard, 2023). Parties from the European Parliament - The Left in the EP & European People’s Party have kept their profiles on TikTok, even after the ban was issued. TikTok has also put in the effort to please the EU by launching Project Clover, a program that will hopefully strengthen cybersecurity, limit employee access to data, and localize the storage of information on the continent.
Baker, E. (2022, June 17). US TikTok User Data Has Been Repeatedly Accessed From China, Leaked Audio Shows. BuzzFeed News.
Baker, E. (2022, December 22). EXCLUSIVE: TikTok Spied On Forbes Journalists. Forbes.
Fowler, G. A., & Loeb, G. (2020, July 13). FAQ: Should you delete TikTok? Here’s everything you need to weigh the real privacy risks. The Washington Post.
Goujard, C. (2023, February 28). EU Parliament bans staff from using TikTok over 'cybersecurity concerns'. POLITICO.
Goujard, C. (2023, March 27). MEPs cling to TikTok for Gen Z votes. POLITICO.
Hayes, B. (2012). The Surveillance-Industrial Complex. In K. D. Haggerty, K. Ball, & D. Lyon (Eds.), Routledge Handbook of Surveillance Studies. Routledge.
Holpuch, A., & Maheshwari, S. (2023, May 23). Why Countries Are Trying to Ban TikTok. The New York Times.
Liboreiro, J. (2023, January 10). TikTok battles privacy concerns and espionage fears in Europe. Euronews.
Zaeem, R. N., & Barber, K. S. (2020). The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise. ACM Transactions on Management Information Systems, 12(1), 1-20.