shutterstock 2306948811

TikTok unlawfully tracks your shopping habits – and your use of dating apps

by

Illegal tracking on all apps. It’s no secret that TikTok is data hungry. After all, the popular video platform’s algorithm knows exactly what content users want to watch. However, it is not well known that TikTok tracks you even when using other apps. One user found out about this unlawful tracking practice through an access request – which revealed that her Grindr use, for example, was sent to TikTok, possibly through the Israeli tracking company AppsFlyer – which allows TikTok to draw conclusions about her sexual orientation and sex life. This includes specially protected data Article 9GDPROn which action can be taken only in exceptional cases. TikTok also initially hid this information from users, which is a violation Article 15GDPROnly after repeated questioning, TikTok revealed that it knew which apps she used, what she did within these apps (e,g, adding products to shopping cart) – and this data also included information about her use of the gay dating app Grindr,

Clenthi Sardelli, data protection lawyer Noyab, “Like many of its American counterparts, TikTok is increasingly collecting data from other apps and sources. This allows the Chinese app to gain a complete picture of people’s online activity. The fact that data from another app revealed this user’s sexual orientation and sex life is one of the more extreme examples.”

Contributor to unlawful data processing. TikTok was only able to get this information with the help of Israeli data companies AppsFlyer and Grindr. AppsFlyer presumably acts as a kind of intermediary, receiving sensitive data about the complainant from Grindr and then passing it on to TikTok. Problem: Neither AppsFlyer nor Grindr had a valid legal basis under Article 6(1) GDPR to share the complainant’s personal data with a third party such as TikTok. And they certainly have no legitimate reason to share her sensitive data under Article 9(1) GDPR. At no time did the complainant give consent for his data to be shared.

Inadequate response to access request. Users must generally be informed about the recipients of personal data and even receive a copy of said data. However, TikTok appears to structurally violate users’ right to receive such a copy. TikTok refers to its users a “Download Tool”But later admitted that this device only holds what he understands most “Suitable” Data – and not all personal data yet. Despite repeated asks to add the missing information, TikTok did not provide information about what data was being processed and for what purpose. By doing so, TikTok clearly violates Article 12 And 15 gdprWhich requires companies to provide complete information and information in an easily understandable format.

Lisa Steinfeld, data protection lawyer Noyab, “TikTok directs its users to an inherently incomplete ‘download tool’. It is reasonable to assume that thousands of users were directed to this scam tool, which structurally does not comply with legal requirements to provide a complete copy of one’s personal data.”

Complaints were filed in Austria. Noyab It has therefore filed two complaints with the Austrian Data Protection Authority (DSB). The first complaint is against TikTok and revolves around an incomplete response to the complainant’s access request. The second complaint is against TikTok, AppsFlyer and Grindr and concerns undefined processing of off-TikTok data, lack of valid legal basis for data sharing and processing, and violation. Article 9(1) GDPRWe request TikTok to provide the missing information to the complainant and stop the illegal processing of his personal data by the three companies, Last but not least, we suggest that the authorities “effective, proportionate and disappointingPenalty under Article 83 GDPR to prevent similar violations in future.



<a href

Leave a Comment