French Data Protection Agency Launches Inquiry into TikTok Data Privacy
French privacy authority, Commission Nationale de l’Informatique et des Libertés (CNIL), has opened an investigation into social media app TikTok. The inquiry reportedly involves how TikTok handles user data.
Under the European Union’s General Data Protection Regulation, commonly known as GDPR, European citizens retain the right to control their personal data including having it permanently deleted if they so choose. The investigation comes on the heels of a request by an EU citizen to remove a TikTok video.
While U.S. politicians have labeled the app a national security threat it is largely considered benign by European Union (EU) politicians.
Is TikTok Safe?
TikTok is a mobile app where users can upload short-form videos and share them with other users. The videos range in length from three seconds to 60 seconds. TikTok is owned by Beijing-based parent company ByteDance. The company is suspected of sharing user data with the Chinese government.
TikTok is not allowed in China. Instead a locked down version of the app call Diane is used within China.
TikTok has been under fire recently for data privacy concerns. In June India banned TikTok for all of Army personnel after a border skirmish with China. Shortly after that, the app was forbidden for all Indian citizens.
This month, US President Trump signed an executive order stating that TikTok will be banned for all US citizens by mid-September if ByteDance did not sell an interest to a US-based organization. Furthermore, sanctions would be imposed to forbid any US company from doing business with ByteDance.
A second executive order extended the same conditions to Chinese company Tencent which owns interests in a number of games and internet properties including popular app WeChat.
Even with bans in place Internet users commonly use virtual private networks (VPN) to get around firewall restrictions and blocked content. IPVanish VPN and TunnelBear VPN both work well to bypass restrictions that censor apps and online content.
What is GDPR?
The General Data Protection Regulation, known as GDPR, is the European privacy regulation that went into effect on 25 May 2018. it concerns the processing of personal data personal data which can broadly be defined as any information that relates to or could identify a living individual. Each European Union country implemented GDPR separately with their own law that changes some of the specifics – such as what age is considered to be a minor. Each country has its own official regulatory agency that is free to pursue cases against entities that they believe have failed to uphold GDPR. CNIL is France’s regulatory agency that enforces GDPR.
What s CNIL?
The National Commission of Informatics and Civil Liberties (CNIL) is a French regulatory body based in Paris, Ile-de-France, France. They organization is an independent public authority responsible for the protection of personal data. According to their website, the mission of CNIL is “To protect personal data, support innovation, preserve individual liberties.”
CNIL Google Sanction
On 29 June 2020, CNIL announced a decision that was issued on 21 January 2020. CNIL imposed a €50 million sanction on Google LLC for lack of transparency, unsatisfactory information, and lack of valid consent for ads personalisation.