Security concerns have been raised over TikTok’s collection, use and disclosure of the personal information of its users. Its data collection methods provide access to a lot of content on mobile devices. The company collects sensitive data about users even when they don’t save or share content.
This raises red flags on two fronts: privacy and cybersecurity. The accumulation of data collected by the app is substantial and security experts contrast TikTok’s privacy policy with users’ expectations when on the app, expectations that leaves users vulnerable to cyber-attacks.
Additionally, TikTok’s parent company is located in China. Based on the current tensions between some countries and China, there is scepticism about TikTok’s privacy policy. Various countries have expressed concerns that companies in China may be compelled to share data they have with Chinese government.
There is concern that the Chinese government might use TikTok to push pro-China narratives or misinformation. Fears were stoked by news reports last year that a China-based team improperly accessed data of U.S. TikTok users, including two journalists, as part of a covert surveillance program to ferret out the source of leaks to the press.
Information TikTok collects
The app collects sensitive information from its users, and it is often taken without the user’s explicit knowledge such as email addresses, phone numbers, content you upload, and information about your keystroke patterns, battery levels, audio settings, mobile carrier, wireless connections, device brand and model, operating system, browsing history, ways of consuming data, time spent watching posts, searches, apps, filenames and filetypes, and location. Included in its data collection are contents of messages and times they are sent, received and read.
Add to the list your age, image, personal contacts, relationship status, preferences and other data collection when using single sign-on technology. You could also unwittingly provide sensitive information in direct messages. As well, if you take a photo of a document or a place that has sensitive information and store it on your cellphone. Even if you don’t conscientiously share it with TikTok, the app has access to it.
Decisions on TikTok use in Canada
Please note these recent important decisions related to TikTok use in Canada.
- Commissioners launch joint investigation into TikTok - Office of the Privacy Commissioner of Canada
- Government of Canada TikTok ban on federally issued devices
- Government of Ontario TikTok ban on provincially issued devices
- City of Ottawa and City of Gatineau TikTok ban on city issued devices
- Government of Quebec TikTok ban on city issued devices
uOttawa’s recommendation
We must protect information on uOttawa’s systems and networks. The University's current position is to have the uOttawa community think about the security of its data and the inherent risks from both a professional and personal perspective. We strongly recommends that professors and support staff remove TikTok from their personal and University-issued mobile devices.
What you can do
- Be vigilant when presented with privacy consents while using social media platforms.
- Think ahead of possible uses by bad actors before you post information to a social media platform.
- Be cautious in sharing personal information such as biometric data that uniquely identifies you as an individual. Examples of these include geometry, voice recognition, iris scans, and fingerprints. Once on the Internet, they’re almost impossible to erase. The issue is that biometrics defines you and is permanent information unlike other data which likely will change over time. This type of information is worth a lot on the market because it uniquely describes you.
- Mitigate your risk by removing the TikTok app until it has been declared secure by the Canadian government.