Consumer groups in 15 European countries have lodged complaints against TikTok. Among the allegations are failure to adequately protect children.
Perhaps one of the more overused phrases in media today is the phrase “game changer”. Examples include how COVID-19 rapid testing is a “game changer” or how a new app could be a “game changer” for fixing something (only to see the app never make it into the news again). Usually, the phrase “game changer” can be translated to “we’re hyping this up” under most scenarios. In most cases, the story fades away and this “game changer” was just another over hyped something that was trying to make a splash, but had no real follow-up.
Perhaps a rare exception to that rule is the European GDPR (General Data Protection Regulation). Back in 2018, the GDPR was passed. The reception was mixed at the time. Supporters viewed it as a game changer in the world of privacy and that it sets a new global standard for privacy. Some, however, simply saw it as little more than yet another bad piece of legislation that should be the subject of boos and hisses.
At the time of the passage, we really didn’t have much to go on to form much of an opinion either way. What we did say at the time, though, is that enforcement is what may be a deciding factor as to whether or not this law would prove to be successful or not.
Well, it was almost as if someone from Europe was reading our stories and set out to prove that GDPR was, in fact, worth the hype. Just look at the subsequent headlines we ended up publishing since:
Data Breach Whistle-Blowing Skyrockets After GDPR Passage
95,000 GDPR Privacy Complaints Made to Europe’s Authorities
Europe’s GDPR Regulators Currently Dealing with 59,000 Breaches
Apple, Cisco, Call for an American Version of the GDPR Laws
UK Data Breach Notifications Quadruple Under GDPR Laws
GDPR Proves Success After Reported Security Incidences Tops 160,000
GDPR Fines Continue to Roll Out in the Hundreds of Millions of Euro’s
Tinder Faces GDPR Probe Following Personal Information Revelations
Automated Facial Recognition Illegal Under GDPR – EU Official
Grindr Faces $11.7 Million Fine for Selling Personal Information
If anything, the story since the passage in 2018 is that Europe is not playing around with privacy any more. Gone are the days (although some might argue that they aren’t totally gone in Ireland still) where law enforcement looks at data leaks and breaches and simply turns a bright eye because they are a large company. This is a continent that well and truly takes privacy breaches of any kind seriously. Further, regulators aren’t afraid to throw the book at the big players either.
Now, it seems that those who are focused on privacy in Europe have set their eyes on another platform: TikTok. Certainly, we’ve been covering TikTok a lot in the last year or so with the drama of Trump attempting to ban TikTok as far back as August of 2020. After a long bout with the president, the platform is finally getting a reprieve with the Biden Administration backing off of the war against the platform.
Now, four days later and the platform is going from one controversy to another. According to TechCrunch, the platform is facing accusations from consumer rights organizations over its handling of personal information:
TikTok is facing a fresh round of regulatory complaints in Europe where consumer protection groups have filed a series of coordinated complaints alleging multiple breaches of EU law.
The European Consumer Organisation (BEUC) has lodged with the European Commission and the bloc’s network of consumer protection authorities a complaint against the video-sharing site, while consumer organisations in 15 countries have alerted their national authorities and urged them to investigate the social media giant’s conduct, BEUC said today.
The complaints include claims of unfair terms, including in relation to copyright and TikTok’s virtual currency; concerns around the type of content children are being exposed to on the platform; and accusations of misleading data processing and privacy practices.
On child safety, the report accuses TikTok of failing to protect children and teenagers from hidden advertising and “potentially harmful” content on its platform.
“TikTok’s marketing offers to companies who want to advertise on the app contributes to the proliferation of hidden marketing. Users are for instance triggered to participate in branded hashtag challenges where they are encouraged to create content of specific products. As popular influencers are often the starting point of such challenges the commercial intent is usually masked for users. TikTok is also potentially failing to conduct due diligence when it comes to protecting children from inappropriate content such as videos showing suggestive content which are just a few scrolls away,” the BEUC writes in a press release.
On data protection and privacy, the social media platform is also accused of a whole litany of “misleading” practices — including (again) in relation to children. Here the complaint accuses TikTok of failing to clearly inform users about what personal data is collected, for what purpose, and for what legal reason — as is required under Europe’s General Data Protection Regulation (GDPR).
Other issues flagged in the report include the lack of any opt-out from personal data being processed for advertising (aka “forced consent” — something of which tech giants like Facebook and Google have also been accused); the lack of explicit consent for processing sensitive personal data (which has special protections under GDPR); and an absence of security and data protection by design, among other issues.
As a matter of fact, large tech companies didn’t just face accusations of this nature. We are aware of how Google and Amazon were actually fined in France for €100 Million and €35 Million respectively over similar privacy issues. So, there could also be precedence those rights organizations can use on top of it all.
If the accusations are true and those accusations hold up in court, TikTok actually faces an uphill battle here. Thanks to the GDPR, if you’re going to screw up on people’s personal privacy, Europe is decidedly not a continent you want to do that in. Not only do you face an uphill battle, but you also face huge fines in the process.
It’s sort of weirdly ironic that privacy issues might actually bite TikTok. It wasn’t that China has backdoor access as the Trump administration accused it of offering, but it could very well be just a simple lack of reasonable upfront consent for users that will do it. We’ll, of course, monitor the situation for developments to see what actually happens.
Drew Wilson on Twitter: @icecube85 and Facebook.