Why a TikTok ban does little to protect user privacy


In March, the U.S. House of Representatives approved a proposed law that would force ByteDance to sell TikTok or face a nationwide ban on the short-video platform. With the prospect of divesting TikTok's assets complicated by the enormous size of ByteDance's patent portfolio and China's control over technology exports, an outright ban appears to be the more likely outcome if the bill is approved by the Senate. However, a ban on TikTok would likely not help effectively protect the data of users from China – or any other country for that matter.

US lawmakers claim that a ban on TikTok would benefit national security, fearing that the company could hand over US user data to the Chinese government under certain legal obligations. However, concrete evidence that TikTok shared user information with the Chinese government is lacking. In 2020, The Washington Post reported “scant evidence” that TikTok shared US data with Chinese authorities, while a 2021 Citizen Lab study also found a lack of overt malicious behavior in its analysis of TikTok.

It is unlikely that a ban on TikTok alone would protect user data, considering that a significant amount of user data has been and continues to be collected in the US by both foreign and domestic tech players. Google was fined $391.5 million in 2022 for illegally tracking users' locations, while Facebook was fined by the US Federal Trade Commission in 2019 for a series of data breaches amounting to 5 billion US dollars.

Accordingly The Washington PostTikTok does not collect more data than its domestic counterparts, raising questions about whether banning the platform would actually improve user privacy when there are no similar laws for other companies that collect user data.

User data may also be traded in legitimate markets worldwide through third-party data brokers. According to a report published by NATO in 2020, LiveRamp, one of the largest US-based brokers, has access to over 1,500 data points from 2.5 billion people worldwide.

To curb third-party data trading, US President Joe Biden signed an executive order in February blocking the sale of information by US brokers to buyers based in “countries of concern” such as China, Russia and North Korea. However, enforcing this policy has proven difficult due to the difficulty of verifying buyers' locations and preventing the sale of data to intermediaries who can subsequently resell it to red-list countries.

Making matters worse is that tech companies are not considered brokers and can therefore sell data directly to any foreign buyer. Therefore, existing legislation is insufficient to prevent the sharing of U.S. data with foreign adversaries.

Ultimately, regardless of legal barriers, digital information can still be collected and traded illegally. For example the New York Times reported in 2018 that political consulting firm Cambridge Analytica was able to illegally collect private data from over 50 million Facebook users without their consent to influence the 2016 US presidential election.

Given these challenges, Calli Schroeder, senior counsel at the Electronic Privacy Information Center (EPIC), called the proposed ban an act of “security theater” that represents just a drop in the bucket in addressing national security concerns.

While the bill fails in the Senate, the door is open for further lobbying from TikTok, which is aggressively rallying its US users and urging them to call their senators and urge them to vote against the ban.

China is definitely ready to block any potential sale, although it remains to be seen whether the bill will come into force.