On July 13, Tik Tok planned to update its privacy policy. The changes would have allowed it to serve targeted ads on its platform without users’ consent. The company suspends the planned review following the intervention of the Italian data protection authority which alleges a violation of the GDPR.
Changes that do not comply with the GDPR
For almost a month, Tik Tok started warning its subscribers regarding the review of its privacy policy. The upcoming changes would have allowed the company to use personal data as part of its ad targeting process. And this, without the explicit permission of users.
Tik Tok’s planned update covers its subscribers in the European Economic Area (EEA), the United Kingdom and Switzerland. Having taken note of the announced changes, the Italian data protection authority denounces a non-compliance with local law and GDPR.
Data protection and privacy laws require users’ consent before their personal data is used. According to the Italian authority, this consent remains the only legal basis for storing information or accessing information already stored in a user’s terminal.
An update exploiting Legitimate Interest
With this update, Tik Tok says it is acting in the legitimate interests of the company and its partners. A spokesperson for the platform says, “We strive to create a personalized experience for our community, and at the same time we are committed to respecting the privacy of our users.”
The provision on ” the legitimate interest falls into a different category than personalized data tracking. This one avoids having to ask users for explicit consent to use their personal information. However, this layout was certainly not designed for targeted .
Nevertheless, Tik Tok hoped to capitalize on it. The company says, “We believe personalized provides the best app experience for our community and aligns us with industry practices, and we look forward to engaging with stakeholders and addressing their concerns. concerns”.
Investigation underway, update suspended
The Garante per la Protezione dei Dati Personali (the Italian data protection authority) would have already launched the investigation. She also has referred to the Irish Data Protection Commission (CPD). It is the main privacy regulator in the European Union.
The Italian authority fears that inappropriate advertisements target minors knowing that TikTok cannot actually confirm the age of its users. The latter declares that it reserves the right toimpose restrictions if TikTok, a platform widely used by teenagers, does not withdraw its announced changes.
After an interview with the DPC, Tik Tok has agreed to suspend its update. This case might very well trigger a new round of scrutiny of the platform’s other business practices.