Privacy Hits a Low at TikTok, Twitter
Privacy on social media has taken a hit this month, which should surprise no one. Just days after Elon Musk took over Twitter, the platform’s chief privacy officer resigned, as did others germane to the company’s safety and security. That was on the heels of reports that TikTok’s privacy policy shows that Chinese staff can access data from European users.
“Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols and by way of methods that are recognized under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data,” the Guardian quoted Elaine Fox, TikTok’s privacy chief, as saying.
That set off alarm bells among many experts and policymakers who have long worried that the Chinese government could gain access to private data from the Chinese-owned company and put it to use in a number of nefarious ways.
TikTok has claimed to be in compliance with the Schremms II decision from March 2022, which found that the protection of personal data had limitations due to domestic law in the United States as well as the access and use by U.S. public authorities of personal data transferred from the EU. But the updated privacy policy seemed to open the door to violations and to tracking users, including vulnerable users like children at risk. “With your permission, we may also collect precise location information (such as GPS),” the policy said.
“The changes to the privacy policy by TikTok to reflect their actual engineering and fraudulent account practices should be commended; although it will generate alarm bells primarily to the geographic spread of their employees with this level of access,” said Claude Mandy, chief evangelist, data security at Symmetry Systems.
“A lot of parents like myself at Symmetry Systems would be comforted to see more ongoing and somewhat radical transparency from tech companies like TikTok with detail on the number of employees with this level of access. Not to mention information about how much information from how many TikTok users were viewed in accordance with the different lawful uses outlined in the policy,” he said. “It is only with modern data security practices that monitor actual operations in accordance with their privacy against personal information that TikTok will be able to provide sufficient transparency like this to privacy regulators, users and governments that they are truly privacy conscious.”
The policy goes into effect December 2, 2022.
Meanwhile, Twitter is battling perception—and literal—problems of its own following the departure of chief privacy officer Damien Kieran, CISO Lea Kissner and Yoel Roth who headed up integrity and safety at the platform. Twitter’s problems have multiplied since Musk took the helm.
“I’ve made the hard decision to leave Twitter,” Kissner said in a tweet. “I’ve had the opportunity to work with amazing people and I’m so proud of the privacy, security, and IT teams and the work we’ve done.”
Of course, that exodus caught the eye of the Federal Trade Commission (FTC), the watchdog that has made it a mission to aggressively oversee tech and social media firms.
“No CEO or company is above the law, and companies must follow our consent decrees,” an FTC spokesperson said in a statement, noting that the agency is “tracking recent developments at Twitter with deep concern.”
The statement underscored that the FTC’s “revised consent order gives us new tools to ensure compliance, and we are prepared to use them.”
