Firstly, the app collects a lot of data. A ton of data. Obscene amounts amount of personal data. GPS and location data, device information, browsing history, and even biometric data. What else? When you sign up, you agree to allow TikTok to share this data with anyone they want. Did you know you agreed to giving away all that data on your device to be sold, shared and distributed?
But wait, it gets better. Those very same terms of service include wide, overreaching authority and rights to user-generated content – your content – and all of it. This allows the company to use and distribute videos, pictures, and any other content without your consent or compensation. Copyright infringement? You don’t have a leg to stand on. All that hard work making great videos and content? That isn’t your content anymore once it’s been published. It now belongs to TikTok, you have given away your rights to the digital content.It couldn’t get worse, could it? It gets worse. Lastly, that wonderful contract you signed also included a waiver that you are not allowed to participate in any class-action legal proceedings against the firm. That means any malicious usage (that you didn’t already agree to), you will have to go after the company in arbitration and cannot use the court system. Good luck. All that is crazy right? Nope, you agreed to it. Here is another thought: do any employees in your organization have the app installed on their device? TikTok is not the only application with concerning terms of service and data usage, but it may be the most concerning. So, what can you do? All organizations should consider implementing policies that restrict the use of certain apps or devices, particularly those that collect significant data. Doing so will minimize the risk of data breaches or leaks. This is especially important for companies that handle sensitive information or have strict compliance requirements. Having simple standards and policies around corporate device usage at your organization that defines clear guidelines and best practices for users to protect themselves from apps with excessive data collection. This doesn’t just mitigate risk from social media apps, it can reduce significant amounts of cyber risk. Period. All organizations can leverage these media events to highlight their own security posture with regards to technology risk, operational outages, and cyberattacks. The good news? Setting clear standards and promoting buy-in to adhere to them is a very efficient and effective way to protect your critical assets. – Rob Stewart, White Tuque Founder & CEO