Your Yello Ring Road To Success
GOOGLE LOGIN MY ADS MY SHOP

TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach

Popular video-sharing platform TikTok on Tuesday agreed to pause
a controversial privacy policy update that could have allowed it to
serve targeted ads based on users’ activity on the social video
platform without their permission to do so.

The reversal, reported by TechCrunch[1], comes a day after the
Italian data protection authority — the Garante per la Protezione
dei Dati Personali — warned the company against the change, citing
violations of data protection laws.

“The personal data stored in users’ devices may not be used to
profile those users and send personalized ads without their
explicit consent,” the Garante said[2].

The formal warning was in response to a privacy policy revision
that noted it had historically asked users’ “consent” to their
on-TikTok activity and off-TikTok activity to serve personalized
ads and that, therefore, it intends to stop asking users for their
permission to profile their behavior and process personal data.

“From 13 July, 2022, TikTok will rely on its ‘legitimate
interests’ as its legal basis to use on-TikTok activity to
personalize the ads of users who are 18 or over,” the
ByteDance-owned company said[3]
in a notice announcing the changes.

The update to its personalized advertising settings covers users
who reside in the European Economic Area (EEA), the U.K., and
Switzerland.

The Garante, which said it launched a fact-finding exercise,
noted that the proposed policy modifications are incompatible with
the Italian personal data protection law as well as the E.U.
ePrivacy Directive[4], which regulates cookie
usage, email marketing, data minimization, and other aspects of
data privacy by mandating a user’s consent before processing such
information.

CyberSecurity

“Both legal instruments set out explicitly that the data
subjects’ consent is the only legal basis for ‘the storing of
information, or the gaining of access to information already
stored, in the terminal equipment of a subscriber or user,'” the
watchdog pointed out.

It further added that “processing data on the basis of its
‘legitimate interest’ would be in conflict with the current
regulatory framework, at least with regard to the information
stored in users’ devices, and would entail all the relevant
consequences also in terms of corrective measures and fines.”

The latest intervention from the Garante also arrived less than
two weeks after it attracted scrutiny[5]
in the U.S. over worries that U.S. users’ data had been accessed by
TikTok engineers in China, prompting the company to establish new
guardrails.

References

  1. ^
    TechCrunch
    (techcrunch.com)
  2. ^
    said
    (www.garanteprivacy.it)
  3. ^
    said
    (www.tiktok.com)
  4. ^
    ePrivacy
    Directive     (www.garanteprivacy.it)
  5. ^
    attracted scrutiny
    (thehackernews.com)

Read more