Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
The popular video app TikTok has found itself at the center of a new scandal over violations of European data protection regulations.
The service has been found to track users’ activity not only within its own platform, but also outside of it, on other apps and third-party websites. Austrian digital rights organization noybhas filed two complaints against TikTok and its partners: the Israeli company AppsFlyer and the dating service Grindr .
The case arose when a user discovered that TikTok had obtained data about their activity on other apps, including Grindr. This information included, for example, adding items to their cart and other actions that could reveal intimate aspects of their personal life. This data falls into a special category under Article 9 of the General Data Protection Regulation (GDPR) and can only be processed in exceptional cases. The user did not consent to the transfer of this information.
The investigation revealed that the data was first collected by Grindr, then transferred to AppsFlyer, and finally transferred to TikTok . Therefore, all three companies were involved in the transfer and processing of sensitive data without any legal basis. Experts at noyb emphasize that none of the parties involved in this chain had the right to disclose this type of information, especially given its sensitive nature.
In addition to illegal tracking, the second complaint concerns TikTok’s refusal to provide complete personal data upon user request. Although the company offers a dedicated tool for downloading information, it later admitted to only providing the data it considers most “critical.”
Despite repeated requests, TikTok has not disclosed what data it processes and why. According to the noyb team, this constitutes a direct violation of Articles 12 and 15 of the GDPR, which establish users’ right to complete and comprehensible information about their data.
Noyb is asking the regulator to force TikTok to disclose the missing information and to cease the unlawful data processing by all three companies. It also proposes a substantial fine that would not only compensate for damages but also serve as a warning to other companies that violate European legislation.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
