Should you ban your employees from using TikTok in the workplace? Data security and privacy concerns have led the US Military, India, and other government entities to ban the use of the app on their devices. In this article I’ll break down the bans that are currently in effect, the types of data that TikTok collects, and the data privacy and security concerns that have led to these bans.
TikTok is a video-sharing social media app owned by ByteDance, a Chinese internet technology company. Users of the app film short-form videos ranging from dances, lip-syncing, comedy skits, and other creative clips. According to a report from Sensor Tower, TikTok has been downloaded nearly 2 billion times since its launch in 2012. ByteDance also operates a China-exclusive version of TikTok known as Douyin.
Bans of the popular social media platform amid privacy and security concerns are on the rise, with India’s recent banning being a high-profile example.
— TikTok India (@TikTok_IN) June 30, 2020
The list of parties concerned with TikTok’s data privacy and security continues to grow. In June 2020, the European Data Protection Board (EDPB) announced that it will be assembling a task force to examine TikTok’s user privacy and security practices.
Despite the TSA and military bans, there are no definitive plans to ban TikTok and other apps with connections to China at a country-wide level. Secretary of State Mike Pompeo was recently asked if the USA will be considering banning Chinese-owned apps such as TikTok, which he responded to by stating “I don’t want to get out in front of the president, but it’s something we’re looking at”.
There are growing concerns about data collection through TikTok such as facial recognition, location data, and A.I. based image scanning can be used for nefarious purposes should Bytedance be compelled to share that data with the Chinese government. These concerns have led some to wonder if TikTok is less of a social media app and more of a probable remote spying software to surveil foreign citizens.
US senators and data privacy advocates alike are concerned that the quantity of data collected by TikTok could potentially be shared with the Chinese government due to China’s history of data collection, monitoring online activity of their citizens, and internet censorship (the “Great Firewall of China”).
At the Social 2030 conference, it was revealed that Reddit’s CEO Steve Huffman considers the app to be remote spy software, with him stating “I actively tell people, ‘Don’t install that spyware on your phone’” and that he thinks that the app is “fundamentally parasitic”.
“I look at that app as so fundamentally parasitic, that it’s always listening, the fingerprinting technology they use is truly terrifying, and I could not bring myself to install an app like that on my phone”
Steve Huffman, Reddit CEO
TikTok released a statement clarifying their user data collection and sharing practices
Where TikTok stores it’s US user data & it’s stance on Chinese law:
“We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law. Further, we have a dedicated technical team focused on adhering to robust cybersecurity policies, and data privacy and security practices.
TikTok’s stance on censorship and providing information to the Chinese government:
TikTok does not remove content based on sensitivities related to China. We have never been asked by the Chinese government to remove any content and we would not do so if asked. Period. Our US moderation team, which is led out of California, reviews content for adherence to our US policies – just like other US companies in our space. We are not influenced by any foreign government, including the Chinese government; TikTok does not operate in China, nor do we have any intention of doing so in the future.”
“TikTok is essentially malware that is targeting children”
Statement by Reddit user bangorlol after reverse-engineering TikTok to see the data it collects from its users
Officially speaking, highlights from TikTok’s Privacy Policy states the app collects the following:
However, a crowd-sourced team of software engineers and cybersecurity community members have been actively reverse engineering the app to learn more about what the app is collecting. Much of the findings have come from a Reddit user by the name of bangorlol. Here are the highlights of his reddit comment:
“TikTok is a data collection service that is thinly-veiled as a social network. If there is an API to get information on you, your contacts, or your device… well, they’re using it.”
There’s no doubt that TikTok is used in the workplace by employees. Viral videos of employees performing dances and comedy skits while in uniform or sharing insights into their day-to-day work life are quite popular on the app. Whether or not you decide to enforce a ban of the app on company-provided devices will depend on a few factors
Should you block employees from accessing TikTok in the workplace?
For employers that would like to follow suit with India and the US military, there are ways of enforcing the ban of TikTok on company-provided devices.
These very same practices will apply when you decide to block any other potentially dangerous applications and websites in the workplace.
To block access to the browser version of TikTok, add these domains to your web filter:
For more information, see our detailed guide for blocking TikTok on work computers.
Don’t have a web filter?
Try a free trial of BrowseControl and start blocking Tiktok today.
CurrentWare Gateway is an agentless, multi-platform internet filtering and monitoring solution that is used by businesses to manage their employee’s internet use in the workplace.
Once you’ve setup the CurrrentWare Gateway, simply add the above URLs to the web filter to block employees from using TikTok when they are connected to your company’s network.
The sheer amount of data collected by TikTok and the potential for them to be forced to share user data with the Chinese government has caused privacy and security concerns among federal governments. The recent bans from India and the US military may only be the start of such policy changes, with other governments potentially following suit. If you are concerned about the use of TikTok in the workplace you can block employee internet access to TikTok and provide acceptable use policies that govern expectations on company-provided devices.