On Tuesday, TikTok, the popular video-sharing platform, agreed to halt a controversial privacy policy update that could have allowed it to serve targeted ads based on users’ activity on the platform without their permission.
TechCrunch reported the reversal, which comes a day after the Italian data protection company (the Garante per la Protezione dei Dati Personali) warned the company against the change, citing violations of data protection laws.
The Garante said, “The personal data stored in users’ devices may not be used to profile those users and send personalised ads without their explicit consent.”
The formal warning was in response to a privacy policy revision that noted that the service had previously asked for users’ “consent” to their activity, both on and off TikTok, to serve personalised ads and that the platform intends to stop asking users for this permission.
The company, owned by ByteDance said, “from 13 July, 2022, TikTok will rely on its ‘legitimate interests’ as its legal basis to use on-TikTok activity to personalise the ads of users who are 18 or over.”
The new update covers users who reside in the European Economic Area (EEA), Switzerland, and the UK.
After reportedly launching a fact-finding exercise, the Garante stated that the proposed police modifications are incompatible with the Italian personal data protection law as well as the EU ePrivacy Directive, which regulates email marketing, user cookies and other aspects of data privacy by mandating a user’s consent before processing such information.
The watchdog said, “both legal instruments set out explicitly that the data subjects’ consent is the only legal basis for ‘the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user.'”
Additionally, it said that “processing data on the basis of its ‘legitimate interest’ would be in conflict with the current regulatory framework, at least with regard to the information stored in users’ devices, and would entail all the relevant consequences also in terms of corrective measures and fines.”
The intervention from the Garante arrives less than two weeks after TikTok attracted scrutiny in the US over concerns that US users’ data had been accessed by its engineers in China.