TikTok is a social media app which allows its users to upload and share videos. Its popularity has skyrocketed since its inception in 2017. The app was created by the Chinese internet technology company, Beijing Bytedance Limited, which is headquartered in Beijing. Prior to the release of TikTok, Bytedance created the Chinese version of the app called Douyin in 2016, as TikTok is not permitted in China due to the internet censorship laws set out by the government.
The platform is accessed globally and has an estimated average of 1.8 billion daily users, compared with Instagram, developed in 2012, which has an average of 1.386 billion daily users and Facebook’s 1.62 billion. TikTok is also not just popular with individuals, but also large corporations with the likes of Coca-Cola and Adidas having accounts to share promotional and marketing content.
Despite the app’s popularity and large userbase, it has come under public scrutiny due to its alleged association with the Chinese Communist Party (CCP). This speculation has arisen from media reporting relating to the app, as well as the CCP’s close supervision of companies within China.
It has been speculated that TikTok shares its users’ account data with the Chinese state, which poses a security concern for governments and companies as to how the CCP intend on using the data. Bytedance have vehemently denied these allegations, claiming that they are not affiliated with the Chinese state.
Despite Bytedance denying its affiliation with the CCP, it was reported in the media that the CCP had bought a 1% share in Bytedance in 2022, known as a “special management share”. This typically allows the state-backed entity to appoint a board member with the power to veto decisions for the company.
Bytedance refuted these claims, instead noting that the CCP had bought special management shares in Beijing Douyin Information Service Limited. This company was later identified as being an offshoot of TikTok and the Chinese version of the app. Bytedance was also found to have had a partnership with several Chinese state-run companies.
Despite the media reporting, Bytedance has since claimed that Beijing Douyin Information Service Limited is not the same as the Chinese TikTok app, Douyin. There are several blurred lines and mixed media reporting from both China and Western countries so the actual affiliation and association that the CCP has with TikTok and Bytedance is unable to be verified.
Despite there being no concrete evidence regarding the CCP’s association with TikTok, the speculation itself has led to several global government agencies prohibiting the app being used on employee’s corporate/federal phones to mitigate against any potential risks or cyber-attacks. The ban has taken place in US governmental agencies, as well as India, Canada, Australia, Denmark, and the European Commission. Most recently, the United Kingdom has also put a TikTok ban on government devices citing security concerns.
The idea to ban TikTok on US federal devices was put forward during the Donald Trump administration in 2020, where there were security concerns about what data was being collected and how it was being used. Mike Pompeo, the previous Secretary of State claimed that “[TikTok might be] feeding data directly to the Chinese Communist Party.”
Furthermore, a law was passed in China in 2017 stating that Chinese companies, upon request from the government, are required to share access to the data they collect, meaning that data collected by TikTok could be shared with the CCP. There is no public evidence to confirm whether TikTok has given any data over to the CCP under this regulation, but this data law adds to the concern over the CCP’s access to TikTok’s data. There is concern that if Bytedance, which is based in Beijing, holds TikTok data on its servers, then it may be subject to handing over data to the CCP. Again, this is yet to be proven. Also, it is not specified as to where TikTok holds its data, thus if it is not held on Chinese servers then the law passed in 2017 may not guarantee access to the data by the authorities. Reporting around this law has not been specific in terms of its applicability.
The notion that TikTok is harbouring user’s personal data to be used by the CCP poses potential security concerns, and judging by China’s cyber capabilities, if the affiliation is correct, the data could be used to inform social engineering as seen in the US elections in 2016 or destabilising cyber-attacks such as those believed to be conducted by the Chengdu-based hacking group known as APT41 . If true, the use of the app on government phones may make it easier for a threat actor to steal login data, and therefore gain access to nation state information.
A report published by the Guardian newspaper regarding this topic has since noted that TikTok follows an “overly intrusive” data collecting method where the app consistently asks users to share their data, whereas Facebook and Instagram are not as persistent. There are ways around giving certain data to TikTok by agreeing or disagreeing with the permissions put forward by the application if you have an account. Though, this only works for certain aspects of the app as it is run on machine learning, so needs access to personal data to inform the algorithm of what adverts, and what video content a user would prefer to see. Wired have stated that users are able to disengage the GPS permissions so that TikTok is unable to track your location, although this reportedly changes the performance of the app.
It has also been uncovered that the app has been able to collect some data irrespective of asking permissions, as it was discovered that the app was somehow able to collect data without a user even creating an account, throughcookies and interaction data on an internet browser. It appears that the way TikTok has been developed makes it easy for the app to collect masses of user data, which is not dissimilar to many social media applications; the worry is who TikTok is sharing this with, and why.
Despite the confusion and worry around what data TikTok collects, it released a report in 2022 which showed the requests made to the app for access to users’ data from several global governments, therefore indicating that users’ data could be provided to government agencies who request it. Although, it is not stated how much, if any, data has been given to those who request it.
The idea that TikTok has been feeding data to the Chinese government is not new and has been a point of contention since the app was developed, solely due to the fact it was created by a Chinese company. Despite this, Bytedance have since come out and stated that the company and TikTok have no association with the CCP and are compliant with data laws. They state that no personal data is taken.
The crackdown on TikTok has come at a time of fragmented Sino-western tensions, after it was revealed that China had released surveillance balloons into North America, which were shot down by the US military. Moreover, China and the West’s stance on Taiwan has also added to the worry that the CCP want to monitor Western activity. So, banning TikTok, although arising from security concerns can also be seen as a tool used by the West to try and restrict Chinese influence across the globe.
Despite this, many users have come out to criticise the ban. Noting that, if TikTok is banned on phones then surely it should be argued that the same rules are applied to the likes of Facebook, Twitter and Instagram who also retrieve user data. Facebook famously were caught up in the Cambridge Analytica scandal that saw user data being sold and used without permission.
The recent developments have made it evident that if TikTok wants to continue its ascension as a global social media platform, it will need to be more transparent with its data sharing, and work with global agencies to ensure a degree of online safety to its userbases. Also, it will need to work with foreign governments to establish elements of trust amidst the breakdown of relations with China.
The potential impact of data sharing between TikTok and the Chinese authorities is widespread. For example, if you are a legal team dealing with Chinese subject matters, you may wish to consider the exposures within your team to TikTok and other Chinese-domiciled entities in light of the trapdoor legislation, which could undermine legal privilege protections. Alternatively, if you are a multinational corporation with supply chains or partners in China, an examination of your supply chain exposure or partnering entities may be required to evaluate and limit your risk exposure. Quintel Intelligence can support any such requests through our enhanced due diligence services.
Global Risk Investigations
92 Albert Embankment
London, SE1 7TY
+44 (0)203 948 1988