data privacy
TikTok is facing a slew of class action lawsuits alleging it tracks and harvests troves of personal information on users through its in-app browser.
In the most recent suit filed on Wednesday, users allege TikTok has “secretly amassed massive amounts of highly invasive information and data by tracking their activities on third-party websites.” At least a dozen class actions have been filed since November alleging violations of the federal wiretap act, among other claims.
TikTok remains under fire by the government due to concerns that data it collects on American users can be leveraged by the Chinese government to advance its interests. The company could, for example, be forced to tweak its algorithm to boost content that undermines U.S. democratic institutions or muffles criticism of China and its allies, according to lawmakers. A bipartisan bill backed by the White House was introduced on Tuesday that would establish a unified process for reviewing and addressing technology that could be subject to foreign influence. Under the measure, Chinese parent company ByteDance could be forced to sell TikTok or the platform could be completely banned, though that would face significant hurdles.
The first suit, known as Recht v. TikTok, was filed in November. It was based on a report from Felix Krause, a software researcher who found that the company injects lines of code that commands the platform to copy user activity on external websites. Of the seven popular apps he tested — including Instagram, Snapchat, Amazon — he found that only TikTok monitored keystrokes.
The named plaintiff in the complaint, California resident Austin Recht, says he clicked on an ad to a third-party website, where he bought merchandise after he entered private data that included his credit card information. Tiktok “surreptitiously collected data associated” with his activity on the third-party site accessed through the platform’s in-app browser, according to the complaint.
The class actions detail how TikTok intercepts and harvests data. The in-app browser inserts code into the websites visited by users with the purpose of tracking “every detail about [their] activity,” Recht claims.
“In the case of online purchase transactions, this would include all of the details of the purchase, the name of the purchaser, their address, telephone number, credit card or bank information, usernames, passwords, dates of birth,” reads the complaint filed in California federal court.
The data isn’t limited to purchase information and extends to private information about users’ health, the suit alleges. When users click on a link to Planned Parenthood on TikTok, for example, their activity on the site is tracked and harvested. This could identify users looking for abortion services or those looking for information about gender identity, according to the suit.
TikTok has faced legal action for illegally harvesting user data. In 2020, it was sued for alleged violations of the Illinois Biometric Information Privacy Act, a state statute that prohibits private companies from collecting users biometric identifiers without first obtaining consent. It settled the litigation for $92 million.
In response to suits alleging violations of the Federal Wiretap Act, Tiktok has said that the purported class members are covered under the settlement for those who sued for violations of the Illinois privacy law because it “addressed all user data collected through the app.”
Though the plaintiffs in the suit don’t allege any injury, the Federal Wiretap Act doesn’t require proof of actual harm to recover monetary damages. The law prohibits the intentional interception of communications, which includes personal information.
Some of the suits also allege violations of state invasion of privacy and competition laws. A hearing has been set for March 30 on whether the litigation should be consolidated.
In California, TikTok could face massive damages if there’s a data leak. Under the California Consumer Privacy Act, companies that mishandle personal data face statutory damages ranging from $100 to $750 for each consumer per incident.
TikTok didn’t immediately respond to requests for comment.
This article originally appeared on THR.com.
TikTok’s CEO, Shou Zi Chew, will testify in front of the House Committee on Energy and Commerce in late March in his first appearance before Congress, according to a statement from the committee’s chair, Rep. Cathy McMorris Rodgers.
The Republican representative from Washington said Chew is expected to comment on TikTok’s data security and user privacy policies, its impact on children and the company’s ties with China’s Communist Party.
The popular short-form video app and influential music discovery tool has become a lightning rod for political controversies as lawmakers on both sides have questioned the company’s handling of U.S. users’ data and whether it’s obligated to share user data with China’s ruling Communist Party. The app is owned by Chinese company ByteDance.
In an emailed statement, a TikTok spokesperson confirmed the hearing was to take place on March 23 and said they welcome the opportunity to “set the record straight about TikTok, ByteDance, and the commitments we are making to address concerns about U.S. national security.”
“We hope that by sharing details of our comprehensive plans with the full committee, Congress can take a more deliberative approach to the issues at hand,” the spokesperson said.
Congress is currently considering a bill introduced in December by Senator Marco Rubio (R-Flor.), Rep. Mike Gallagher (R-Wis.) and Rep. Raja Krishnamoorthi (D-Ill.) that would effectively ban TikTok and any other social media company headquartered in China, Russia or a handful of other countries from operating in the United States.
In addition, a number of U.S. states and large state universities have issued orders restricting access to TikTok on state-issued mobile devices and over campus internet.
In her own statement, Rodgers said that Bytedance has “knowingly allowed” the Chinese Communist Party to access U.S. users’ data, and her committee aims to ask TikTok for “complete and honest answers for people.”
“Americans deserve to know how these actions impact their privacy and data security, as well as what actions TikTok is taking to keep our kids safe from online and offline harms,” Rodgers said.
A TikTok spokesperson refuted Rodgers’ statement.
“There is no truth to Rep. McMorris Rodgers’ claim that TikTok has made U.S. user data available to the Chinese Communist Party. The Chinese Communist Party has neither direct nor indirect control of ByteDance or TikTok,” the spokesperson said. “Moreover, under the proposal we have devised with our country’s top national security agencies through CFIUS, that kind of data sharing—or any other form of foreign influence over the TikTok platform in the United States—would not be possible.”
-
Pages