Is TikTok Bad for Data Privacy?

The conversation about China-based social media platform TikTok reached a fever pitch in March 2023, when TikTok CEO Shou Zi Chew was grilled by U.S. lawmakers over privacy and national security concerns. 

While the jury is still out on whether or not TikTok impacts U.S. national security, it’s common knowledge now that the platform does collect large amounts of user data — including IP addresses, keystroke patterns, and even biometric faceprint data.

None of this is good from a data privacy perspective, but research shows that TikTok’s data collection practices are similar to other social media platforms — leaving average users to wonder: Is TikTok bad? Read on as we dissect TikTok’s data collection practices to find out whether TikTok is safe to use from a data privacy perspective, plus steps you can take, like using one of the best virtual private networks (VPNs), to protect your data on any social media platform.

What data does TikTok collect?

In its privacy policy, TikTok makes it quite easy to review the data it collects. The data is organized into three categories: information provided by the user, information gathered from other sources, and information that is automatically collected. Below, we will review some of the most notable data that TikTok openly collects.

Information provided by the user includes:

• Account credentials and profile details, such as username, password, age, name, email, phone number, and profile image
• Credit card numbers and third-party payment information
• Content generated by the user, such as uploaded videos and photos, comments, audio recordings, and hashtags
• The contents and history of sent and received messages, which includes correspondences with other users and vendors as well as chat history with the virtual assistant
• With permission, any videos, text, and images saved in a device’s clipboard
• With permission, social network and phone contacts

Information collected automatically includes:

• Cookies that give TikTok insight into how users interact with content
• Metadata, which is data used to describe other data, such as when a piece of user-generated content was created, how it was created, who created it, and where it was created
• IP addresses and geolocation-related data. Tagging restaurants or tourist attractions also provide TikTok with user location data; however, it claims that current versions of TikTok will not collect “precise” GPS data from users in the U.S.
• Information about the device that uses TikTok, such as time zone settings, screen resolution, device model and system, and audio settings
• Keystroke patterns
• Biometric identifiers like faceprints and voiceprints.

Information from other sources includes:

• Public profile information and browsing activities from third-party services, such as Meta, X, Instagram, and Google
• Cookie identifiers, hashed email addresses, and browsing activities from other websites, apps, stores, and other corporate entities that are affiliated with TikTok
• When and where a user is mentioned in user content, messages, complaints, and feedback

TikTok’s privacy policy also explicitly states, “We may collect information about you from other publicly available sources.”

While the above is not the full list of user data TikTok collects, it’s still a large amount of information. It’s important to note that in 2021, privacy researcher, Pallaeon Lin, from the University of Toronto's Citizen Lab, performed research on TikTok and concluded that its data collection isn’t actually any worse than other social platforms such as Meta or tech corporations like Google.

Lin added that these tests found TikTok to be free of explicit vulnerabilities and malware-like behavior — at least at the time of testing — but Lin was unable to see what happened to user data once it was collected.

What does TikTok do with my data?

Since privacy researchers are unable to see what happens with user data once it is collected, we only have TikTok’s statements to go by. In its privacy policy document, TikTok claims that user data is leveraged to support the improvement and continued development of the app, to provide customized ad experiences, to promote safety, to prevent fraud, and more.

TikTok continues to outline that it shares collected user data with business partners and service providers for mostly benign purposes, such as payment processing, transaction fulfillment, database management, data processing, and analytics. Among the groups of service providers and business partners are:

• Customer and technical support providers
• Researchers
• Advertising, marketing, and analytics vendors
• Payment processors and transaction fulfillment providers

Amid the security controversies in the U.S., TikTok has recently implemented a security proposal called “Project Texas,” in order to instill more confidence that TikTok operates without influence from the Chinese government. This proposal implements stricter protections of U.S. user data, migrates U.S. user data to databases on American soil, and gives access to the protected data only to a U.S.-based TikTok subsidiary called USDS.

TikTok does note, however, that in some limited cases, non-USDS employees may gain access to the protected data for legal or compliance purposes, but this access must first be authorized by USDS.

Whether this move will shift U.S. officials’ perspectives remains to be seen, but it is also meant to provide peace of mind to average U.S. TikTok users as well.

How to protect your data on TikTok

Unfortunately, TikTok isn’t the only entity out there that wants access to your personal data. Since TikTok is such a widely used app, it is ripe with opportunity for malicious actors. In order to keep your data safe, you should at least consider tweaking your privacy settings. For more protection, there are other actions you can take.

Make your TikTok account private

Set your account to private so only people connected to you will be able to access your content. This setting is also important in making TikTok safe for kids and minors, as all accounts are set to public by default.

1. Open your profile page.
2. Select the menu button located in the top-right corner of the app and choose Privacy and settings.
3. Under the Privacy and safety option, toggle Private account to on.

Limit who sends you direct messages

Messages coming from unknown users can contain phishing attempts like malicious links or TikTok scams that could compromise your data. This is why we recommend that only friends can send you direct messages.

1. Navigate to Privacy and safety and select Who can send messages to me.
2. Choose whichever option works best for you, between Everyone, Friends, or Off.

Limit who comments on your posts

Malicious actors can hide viruses in links, even in comments, which is why we recommend allowing only friends to comment on your posts.

1. Under Privacy and safety, select Who can send me comments.
2. Selecting Friends will allow only people you know to comment on your posts.
3. You may also turn off comments completely on specific posts by selecting Comments off in the menu button of the post.

Control how your account is suggested to others/searched for

Changing this setting can reduce the number of fake or malicious accounts that will try to add you in order to send you scams and malware.

1. Within Privacy and settings, select Suggest your account to others.
2. Turn off the toggle Suggest your account to others.
3. With this setting turned off, your account will not come up in search engine results and will not be suggested to users who you are not already connected with.

Use two-factor authentication

Two-factor authentication (2FA) can prevent someone from logging into your account on a different device even if they have your password information.

1. Select Profile.
2. Select the menu button located in the top-right corner of the app.
3. Select Security and login > 2-step verification.
4. Choose verification methods (between SMS, email, and password).
5. Select Turn on. Enter your password and any additional credentials necessary. The app will guide you through the rest of the process.

Keep TikTok updated and use antivirus

When new forms of malware are discovered, companies like TikTok update their apps in order to protect the apps from these viruses. Be sure to always keep TikTok up to date with the most recent patch, to take advantage of these protections. Since companies can’t always catch every new virus before it spreads, you should consider installing some form of antivirus on the device on which you use TikTok.

Use a virtual private network (VPN)

VPNs are powerful services that hide your real IP address and encrypt your internet traffic in order to keep your identity, location, and data private. Since VPNs allow you to choose IP addresses around the world, the TikTok app won’t be able to use your real IP address to geolocate you.

However, geo-spoofing can cause some problems, depending on where the VPN routes your IP address to. For instance, if you route your IP address to a location where TikTok is banned, the app may not work. Conversely, if you reside in a region where TikTok is banned, you can choose an IP address in an area where TikTok is allowed, in order to use the app.

Best VPNs for TikTok

The best VPNs for TikTok will enhance your online safety and keep your data out of TikTok’s hands. Look for VPNs with strong encryption, a no-logs policy, and plenty of security features. Here are three of our favorites to get you started.

• ExpressVPN: ExpressVPN is a great VPN for TikTok because of its server obfuscation technology that hides VPN activity — allowing you to use TikTok even in areas of the world where it’s banned. ExpressVPN is one of the fastest VPNs on the market, has a large server network in 90+ countries, and comes with a useful set of security features.
  
  See ExpressVPN Plans | Read Our ExpressVPN Review

• NordVPN: Our winner for best VPN of 2023, NordVPN comes with full-leak protection, dark web monitoring, and a feature that alerts you if the email address you’ve used for your TikTok account has been hacked. NordVPN will also scan TikTok videos you download for malware and is user friendly. Plus, NordVPN has an ad blocker feature called Threat Protection, so you can skip the TikTok ads.
  
  See NordVPN Plans | Read Our NordVPN Review

• Private Internet Access (PIA): PIA provides some advanced customizable options that other VPNs do not, allowing you to choose encryption levels and VPN protocols in order to heighten security and increase speeds while using TikTok. Its apps are also friendly for first-time VPN users, making it a great option for beginners and advanced users alike.
  
  See PIA Plans | Read Our PIA Review

TikTok data privacy FAQ

Bottom line: Is TikTok safe?

In a world where every app, website, and corporate entity is vying for your personal data, “safe” is a relative term. It is open knowledge that TikTok collects enormous amounts of data from its user base and that it shares that data with many third parties. However, its practices are not much different from other social media apps.

If you are an individual with high-level privacy concerns, TikTok isn’t safe to use. Otherwise, be sure to adjust your privacy settings, use a VPN, and install antivirus to stay safe on social media platforms like TikTok.