Happy Sunday CIPAWorld! Hope everyone had a wonderful Thanksgiving!
Data privacy lawsuits are EXPLODING and one of our country’s most popular mobile app — TikTok’s privacy issues keep piling up.
Following its recent $92 million class-action data privacy settlement for its alleged violation of Illinois Biometric Information Privacy Act (BIPA), TikTok is now facing a CIPA and Federal Wire Tap class action for collecting users’ data via its in-app browser without Plaintiff and class member’s consent.
The complaint alleges “[n]owhere in [Tik Tok’s] Terms of Service or the privacy policies is it disclosed that Defendants compel their users to use an in-app browser that installs JavaScipt code into the external websites that users visit from the TikTok app which then provides TikTok with a complete record of every keystroke, every tap on any button, link, image or other component on any website, and details about the elements the users clicked. “
Despite being a free app, TikTok makes billions in revenue by collecting users’ data without their consent.
“The world’s most valuable resource is no longer oil, but data.”
While we’ve discussed before, many companies do collect data for legitimate purposes with consent. However this new complaint alleges a very specific type of data collection practice without the TikTok user’s OR the third party website operator’s consent.
TikTok allegedly relies on selling digital advertising spots for income and the algorithm used to determine what advertisements to display on a user’s home page, utilizes tracking software to understand a users’ interest and habits. In order to drive this business, TikTok presents users with links to third-party websites in TikTok’s in-app browser without a user (or the third party website operator) knowing this is occurring via TikTok’s in-app browser. The user’s keystrokes is simultaneously being intercepted and recorded.
“Specifically, when a user attempts to access a website, by clicking a link while using the TikTok app, the website does not open via the default browser. Instead, unbeknownst to the user, the link is opened inside the TikTok app, in [Tik Tok’s] in-app browser. Thus, the user views the third-party website without leaving the TikTok app. “
The Tik-Tok in-app browser does not just track purchase information, it allegedly tracks detailed private and sensitive information – including information about a person’s physical and mental health.
For example, health providers and pharmacies, such as Planned Parenthood, have a digital presence on TikTok, with videos that appear on users’ feeds.
Once a user clicks on this link, they are directed to Planned Parenthood’s main webpage via TikTok’s in-app browser. While the user is assured that his or her information is “privacy and anonymous,” TikTok is allegedly intercepting it and monetizing it to send targeted advertisements to the user – without the user’s or Planned Parenthood’s consent.
The complaint not only details out the global privacy concerns regarding TikTok’s privacy practices (including FTC investigations, outright ban preventing U.S. military from using it, TikTok’s BIPA lawsuit, and an uptick in privacy advocate concerns) it also specifically calls out the concerns around collecting reproductive health information after the demise of Roe v. Wade this year:
“TikTok’s acquisition of this sensitive information is especially concerning given the Supreme Court’s recent reversal of Roe v. Wade and the subsequent criminalization of abortion in several states. Almost immediately after the precedent-overturning decision was issued, anxieties arose regarding data privacy in the context of commonly used period and ovulation tracking apps. The potential of governments to acquire digital data to support prosecution cases for abortions was quickly flagged as a well-founded concern.”
Esh. The allegations are alarming and the 76 page complaint can be read here: TikTok.
In any event, the class is alleged as:
“Nationwide Class: All natural persons in the United State whose used the TikTok app to visit websites external to the app, via the in-app browser.
California Subclass: All natural persons residing in California whose used the TikTok app to visit websites external to the app, via the in-app browser.”
The complaint alleges California law applies to all class members – like the Meta CIPA complaint we will have to wait and see how a nationwide class can be brought related to a CA statute.
On the CIPA claim, the Plaintiff – Austin Recht – seeks an unspecific amount of damages for the class but the demand is $5,000 per violation or 3x the amount of damages sustained by Plaintiff and the class in an amount to be proven at trial.
We’ll obviously continue to keep an eye out on this.
Until next Sunday, stay safe CIPAWorld.