Unpacking the Security Risks of TikTok: Data Privacy, Content Moderation, and Cybersecurity Concerns

Recent news reports have brought to light the many issues surrounding TikTok and the way in which users' data could be used. These revelations have prompted public sector organisations to take measures to ban TikTok for their staff, whilst the BBC has also advised its own employees against using the app. TikTok has become a cultural phenomenon in recent years, with well over a billion users around the world sharing short videos set to popular music and engaging in viral challenges. However, as the app's popularity has grown, so too have concerns about its security and privacy practices. From data privacy concerns to content moderation issues and cybersecurity risks, there is a range of potential threats associated with using TikTok. In this article, we'll take a closer look at some of the main security concerns surrounding TikTok and what users should be aware of when using the app.


The amount of user data collected by TikTok is one of the most significant concerns surrounding the app. TikTok collects a range of personal information, including a user's location, device information such as their contact list, and browsing history. These practices have raised concerns over how the app uses and shares user data, especially since TikTok's parent company, ByteDance, is based in China. Under the National Intelligence Law of the People's Republic of China, companies are obligated to help the Chinese Communist Party if requested, leading to potential privacy violations. These concerns have led some countries to ban TikTok outright to protect their citizens' personal information.

This week, Cabinet Office minister Oliver Dowden has banned TikTok from government mobile phones, noting that banning the app is good cyber “hygiene”. This ban came after Tom Tugendhat, the UK’s security minister, asked the National Cyber Security Centre (NCSC) to look into the app after concerns were raised by other countries around the world. The UK government is increasingly wary of the risks posed by foreign-owned apps and the potential for foreign governments to access sensitive information. The ban comes as part of a wider push to tighten cybersecurity measures and reduce the risk of data breaches. While TikTok maintains that it takes data privacy seriously and stores user data outside of China, the UK government's decision highlights the ongoing debate around the app's security and its implications for national security.

The UK isn’t the only country to have banned TikTok from government devices. EU institutions (European Parliament, European Commission and the EU Council) have placed a ban on staff devices, as well as strongly recommending that staff also remove the app from their personal devices. The US has given government agencies 30 days to delete TikTok from federal devices, whilst more than half of the 50 US states have banned the app from government devices; this came after the FBI and Federal Communications Commission warned of user data being shared with China’s authoritarian government. In response to the US ban, ByteDance stated that the ban is driven by geopolitics and argued it’s an independently run company. New Zealand has applied bans covering 500 government workers, including the devices of the country's lawmakers. Denmark banned TikTok from government devices at the start of March after its Centre for Cyber Security assessed the risk of espionage. Other countries include Belgium, Canada, Taiwan (which has put a blanket ban on Chinese-made software), Pakistan, Afghanistan and India, which made the ban permanent in 2021 after questions about privacy and security requirements were left unanswered.

Not only is there the issue of data protection, but TikTok's content moderation practices have also come under scrutiny due to allegations that the app censors or removes content that is critical of the Chinese government or related to issues like Hong Kong or Taiwan. This has raised concerns about the app's commitment to freedom of speech and its potential to shape public opinion on sensitive issues. Furthermore, there are worries that TikTok could be used to spread disinformation or influence campaigns, with some experts suggesting that the app could be used to manipulate public opinion or even interfere with elections. Given TikTok's massive user base, the potential impact of such campaigns could be significant. While TikTok has taken steps to address these concerns by increasing transparency and accountability, the app's content moderation practices remain a point of debate. In a world where social media plays an increasingly important role in shaping public opinion, it is critical that platforms like TikTok take steps to ensure that their practices align with ethical standards and promote free speech.

TikTok users can take several steps to protect themselves against cyber threats. First, they should ensure that they are using the latest version of the app, as this will include security patches and bug fixes that can help to prevent vulnerabilities. Users should also be cautious about the personal information they share on the app, particularly if it relates to sensitive data like financial information or location data. It is also a good idea to use strong, unique passwords for their TikTok account and to enable two-factor authentication for an extra layer of security. Additionally, users should be wary of suspicious links or requests from unknown users and report any suspicious activity to TikTok's support team. Finally, users should regularly review their privacy settings to ensure that they are only sharing information with trusted sources and consider using a virtual private network (VPN) to protect their online activity. By taking these steps, TikTok users can help to protect themselves against cyber threats and safeguard their personal information.

Many of these recommended precautions follow our standard advice with all things cyber:

  • patch apps and devices to keep as secure as possible and protect your data
  • use strong, unique passwords and invest in a password manager
  • use multi-factor authentication with an authenticator app on any platform where offered
  • distrust by default - be aware of the risks of impersonation and look for context to decide if messages are genuine

Flex IT can help businesses comply with these recommendations, which all fit within the UK's Cyber Essentials initiative. We are Cyber Essentials Plus accredited, and we understand the pressures on businesses attempting to balance security and flexibility in their working patterns. We can assign management policies to ensure minimum standards are maintained for business devices, deploy only apps that are approved for the business environment, and provide staff training to ensure they are aware of the threat landscape. We have experience of assisting clients in attaining their own Cyber Essentials accreditation by ensuring devices are properly protected, making the assessment as straightforward as possible. Contact us to find out more.
