tiktok-postpones-privacy-policy-update-in-europe-after-italy-warns-of-gdpr-breach

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach

Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users’ activity on the social video platform without their permission to do so.

The reversal, reported by TechCrunch, comes a day after the Italian data protection authority — the Garante per la Protezione dei Dati Personali — warned the company against the change, citing violations of data protection laws.

“The personal data stored in users’ devices may not be used to profile those users and send personalized ads without their explicit consent,” the Garante said.

The formal warning was in response to a privacy policy revision that noted the service had historically asked users’ “consent” to their on-TikTok activity and off-TikTok activity to serve personalized ads and that, therefore, it intends to stop asking users for their permission to profile their behavior and process personal data.

“From 13 July, 2022, TikTok will rely on its ‘legitimate interests’ as its legal basis to use on-TikTok activity to personalize the ads of users who are 18 or over,” the ByteDance-owned company said in a notice announcing the changes.

The update to its personalized advertising settings covers users who reside in the European Economic Area (EEA), the U.K., and Switzerland.

The Garante, which said it launched a fact-finding exercise, noted that the proposed policy modifications are incompatible with the Italian personal data protection law as well as the E.U. ePrivacy Directive, which regulates cookie usage, email marketing, data minimization, and other aspects of data privacy by mandating a user’s consent before processing such information.

“Both legal instruments set out explicitly that the data subjects’ consent is the only legal basis for ‘the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user,'” the watchdog pointed out.

It further added that “processing data on the basis of its ‘legitimate interest’ would be in conflict with the current regulatory framework, at least with regard to the information stored in users’ devices, and would entail all the relevant consequences also in terms of corrective measures and fines.”

The latest intervention from the Garante also arrives less than two weeks after TikTok attracted scrutiny in the U.S. over worries that U.S. users’ data had been accessed by its engineers in China, prompting the company to establish new guardrails.


Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related News

Nearly 500 million WhatsApp User Records Sold Online

Nearly 500 million WhatsApp User Records Sold Online

In what is becoming a rather common trend, a threat actor is claiming to sell 487 million WhatsApp users’ mobile…
How to Create ISO Files from Discs – 3 Best Ways

How to Create ISO Files from Discs – 3 Best Ways

An ISO file is a disk image of an optical disc. It is a single file that contains all the…
All You Need to Know About Emotet in 2022

All You Need to Know About Emotet in 2022

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive…