TikTok's global offices targeted in privacy probe by South Korean regulator
02 Apr 2020 12:33 pm by Wooyoung Lee
TikTok, a video-sharing app service run by ByteDance, is expected to receive a request soon from the South Korean communications regulator for information about how the service handles personal information of South Korean users as part of an ongoing probe into the service's personal-information management, MLex has learned.
The Korea Communications Commission, or KCC, is planning to contact one of the global offices of ByteDance that handles personal information of South Korean users in an effort to gather more details on how personal information is being processed, MLex was told.
The probe into TikTok started in October last year after South Korean lawmaker Song Hee-kyung of the Liberty Korea Party raised privacy concerns over TikTok's collection of personal information of South Korean users aged under 14 during a parliamentary inspection on government agencies at the time.
Song pointed out that TikTok has automatic access to users' location from IP addresses and SIM cards and this could lead to personal-data breaches. She raised privacy concerns especially for young teenage users.
The regulator conducted an on-site inspection at ByteDance's Seoul office shortly after the lawmaker raised the privacy concerns. The regulator learned that the Seoul office didn't manage the South Korean users' personal information and found the company had been managing that data using Alibaba Cloud's service in Singapore since May 2017.
TikTok has global offices in Los Angeles, New York, London, Paris, Berlin, Dubai, Mumbai, Singapore, Jakarta, Seoul and Tokyo.
The South Korean investigation aims to find out whether the transfer of personal information of South Korean users to overseas destinations has been made with consent and notified to South Koreans users. The regulator also wants to find out whether TikTok collects personal information of children under 14. The regulator alleges that TikTok has users under 14, because it learned that the service doesn't check users' age as part of the process when they sign up for the service.
The regulator is also looking into the overall data-collection practices, consent procedures and information sharing with third parties to see whether they violate South Korea's Network Act.
The country's Act on Promotion of Information and Communications Network Utilization and Information Protection stipulates that communications-service providers must obtain consent from legal representatives of children under 14 when they collect, use and dispose of personal information of young users.
The law also requires users' consent before businesses can transfer users' personal information to overseas destinations.
The regulator has also sent a request to ByteDance's headquarters in Beijing for information and documents related to personal-data collection and management.
TikTok has been under growing scrutiny globally for privacy risks and how it handles the personal data of young users, and it has been the subject of national security concerns in the US related to its ownership by Chinese company ByteDance.
As the EU marks the second anniversary of GDPR, large US tech companies should prepare for regulatory enforcement in the months ahead.
22 May 2020 4:28 pm by Vesela GladichevaAs the Irish privacy watchdog sends its Twitter probe off to EU counterparts for review today, it will doubtless hope for quick, constructive feedback.
21 May 2020 7:29 pm by Amy MillerClearview AI is invoking a legal shield used by social media companies hoping to defeat Vermont privacy lawsuit