Does TikTok put the United States at serious risk?

Yes, TikTok, "the quarantine app", has gotten into several problems. Perhaps the most important is related to the fact that the United States government is evaluating prohibiting the application.

According to the Secretary of State of the United States Government, Mike Pompeo, the White House is seriously considering removing this application from the market because the company ByteDance Ltd., owner of TikTok, would be accessing through the application to personal information of its users which would generate a risk to the security of said country[1].

This leak is crucial since ByteDance is a company of Chinese origin, a situation that would have raised the redflags for the US government[2]. In other words, on this occasion we would not only be facing a possible violation of the right to privacy of millions of users, but the leak of information would threaten the security of the country due to its clear political and economic aspects.

However, the United States would not be the only country to order this measure. Weeks before this news, India and Hong Kong[3] they declared the ban of TikTok in their territories. The reason? The application would have been leaking personal information to the Chinese government, which would threaten the security of each of these countries.[4].

Yes, it is serious. However, the leak of personal information through social networks for political purposes No. it's something new.

Cambridge Analytica Case

In 2016, Facebook transferred the personal data of around 50 million of its users (such as name, age, social circle, political interests, "I like you", private messages, among others) to the company Cambridge Analytica. The latter was a company dedicated to the use of big data with very specific purposes.

Using the microfocalization technique, the company was able to carefully analyze what type of political propaganda (content, theme, and tone) it could send to each US citizen over the age of 21 with the intention of voting according to their psychological profile in an almost personalized way.[5] This propaganda would have been used in favor of Donald Trump's electoral campaign. In this way, Cambridge Analytica, showed what is strictly necessary to Facebook users to influence their electoral vote.

This situation constitutes a very subtle practice of information manipulation. The above, especially because voters were manipulated to carry out certain types of actions that, under other circumstances, they would not have carried out, which violates not only the right to determine who gives their data, but also their freedom to vote (a sphere relevant to the right to freedom of expression in a democratic society that builds its foundations according to freedom of thought as the United States certainly is).

In this regard, Cristopher Wyle, a Big Data expert and a former employee of the firm, following the Cambridge Analytica scandal, stated the following:   

"if you start to distort the perception of voters without their consent or knowledge, that is a basic violation of their autonomy to make free decisions, because they are voting based on things they think are real but are not necessarily real«[6].

But what great harm can it be for a company to obtain our data without consent to send us advertising, even if it is political propaganda?

The answer is really more complex than one imagines. And it is that from my point of view, it is possible to condense it, at least, into three reasons why it is worth thinking twice the next time you provide your personal data in an application or social network.

1. Your data is worth gold  

If it is not the first time that you read about data protection, you probably know that, today, the use and application of the big data (data intelligence) in the production processes of a company can generate significant economic income. That is why it is increasingly common for companies to allocate significant amounts of money in the development of the application of the big data. Some of them, for example, establish their own areas and others hire consultants specialized in the management and application of this technology. Cambridge Analytica, for example, was one of them.

What is the "raw material" of this business? The data of millions of people. In this way, as if it were gold, the big companies dedicated to the development of data technology dedicate their resources to obtain the greatest quantity and best quality of data to be used in their analyzes. This information, like any production process, is refined to obtain information that is literally worth gold.

Based on the aforementioned, taking into account that it is such a valuable asset, it is not logical that its collection, storage and treatment «cost nothing». 

2. Ability to influence your decisions

What will they do with the data after obtaining it? The purpose of obtaining personal data is to be able to generate profiles - general or specific - of consumers, users, citizens and, of course, voters.

In effect, the intelligence of the data allows to foresee movements of a certain group of people in any particular aspect. It allows, for example, to develop better products or services (taking into account the tastes of customers) and to identify and eliminate bottlenecks to improve production processes. 

However, data science can also predict and modify voter behavior. We saw this previously in the case of Cambridge Analytica. The company used the personal data of millions of Americans without consent to develop political campaigns according to the profile of each voter. This campaign was sent to feed from the Facebook of each voter. In the end, citizens, influenced by the information that was subtly made known to voters through Facebook, generated that millions of people were strongly influenced to vote for Donald Trump.

Has Facebook ever reported this? Has the social network ever mentioned that personal data was going to end up in the Cambridge Analytica database? Not.

File: Mark Zuckerberg F8 2018 Keynote (41118893354) .jpg
Photo Author: Anthony Quintano (CC BY 2.0)

As we see, the use of data intelligence generates benefits. However, this collection must be given prior information of the purposes for which they will be used. In this sense, providing personal data in any application without reading its terms and conditions, could generate negative effects on a small and large scale.

On the other hand, it could also be interesting to analyze and question the validity of using data intelligence to carry out political propaganda, even if it is obtained with the consent of the holders of the data. The foregoing, because political propaganda must be transmitted, among other terms, under equivalent conditions to all citizens. Likewise, the information must be complete and not fragmented, all with the aim that citizens inform themselves correctly about the proposals and opinions of a political group or an electoral candidate.

In this sense, it would not be legitimate for a political group to determine, by means of the microfocalization technique, to report only what the citizen would be interested in, creating, in this way, a "tunnel effect" to a particular aspect, diverting attention from other aspects that the voter I would not be taking into consideration. This discussion, even beyond data protection, I consider corresponds to a different aspect concerning the field of freedom of thought and choice.

Taking into account the level of influence of social networks, it is convenient to analyze it as an item on the agenda in terms of data protection and the exercise of fundamental rights, such as freedom of expression and thought that are the basis of a democratic society.

3. It constitutes an illegal practice

Using personal data for advertising purposes is not illegal or harmful. What is illegal is that its collection or treatment has been obtained or developed, in simple words, without complying with the procedure established in the personal data protection regulations.

In the case of Peru, Law 29733- Personal Data Protection Law, and its Regulations, Supreme Law 003-2013-JUS establish the "step by step" on the collection and processing of personal data in a valid way. 

In this regard, I am aware that creating a culture of personal data protection taking into account only the legal nuance is not enough. However, if we take into consideration the aforementioned aspects, I consider that the need to protect personal data from a legal point of view falls under its own weight. Thus, the decision to request information on the treatment of the data translates into the exercise of the effective right of the person and, consequently, becomes an obligation whose non-compliance generates consequences.

Given all the controversy surrounding the TikTok case, ByteDance has repeatedly denied the allegations made about the alleged collection of user information for the Chinese industry.

In fact, in recent days, TikTok has launched a series of actions aimed at demonstrating China's commitment to data protection and level of independence with regard to personal information obtained from millions of US users. Thus, for example, it has indicated that TikTok has hired around 500 Americans, including Kevin Mayer as CEO (former CEO of Disney) and is exploring the possibility of selling a majority stake in the company to US investors.[7].

On this situation, various opinions have been raised indicating that requesting the ban of TikTok in the US market does not solve the problem of lack of information and transparency regarding the processing of personal data. From my consideration, the problem is not TikTok, the problem is the lack of transparency policies, not only in this application, but in any application or web page that collects personal data at massive levels. In this regard, some cyber-policy experts such as Samm Sacks, from the New America Study Center, pertinently points out the following:

"If the concern is data security, the best way to protect data is to put TikTok under a microscope and establish really robust and enforceable rules for how data is being used and retained"[8].

In the same sense, Alex Stamos, former head of Facebook security and professor at Stanford University, has stated, pointing out the following:

«This is an opportunity to arrive at a thoughtful model on how to regulate companies operating in both the United States and China, regardless of ownership.[9]"

In this regard, although TikTok has implemented “transparency centers” where independent auditors will be able to analyze the company's practices in relation to content moderation, it has also begun to publish transparency reports similar to those presented by Facebook and Twitter regarding its policies. of information elimination, these self-regulatory practices do not seem to be sufficient compared to the level of control and management that the personal information company has. In that line, Kevin Roose of the New York Times points out: 

“After all, Facebook, Instagram, YouTube, Twitter, and Snapchat are playing a huge role in the lives of millions of Americans, and for years, they have operated with a degree of secrecy that few other companies of their size have been allowed. What little we understand about the inner workings of these platforms is often learned years after the fact, gleaned from internal leaks or sorry former employees. "

In sum, the TikTok debate should be an opportunity to discuss the level of control that technology companies handle and determine what should be required of them, whether their headquarters are in China, the United States or anywhere else in the world.

[1] Further information:

[2] In this regard, @Thecryptolegal has followed very carefully the changes that TikTok has made in relation to its privacy policies and its corporate changes regarding data control, among others. For more information:

[3] We must mention that Hong Kong, despite being within the Chinese geographical context, is considered an autonomous territory and, therefore, different from China.

[4] According to the newspaper La Vanguardia, “the government of India accuses Tiktok, WeChat (the Chinese WhatsApp) or Alibaba (the Chinese Amazon) of activities detrimental to the sovereignty and integrity of India (…) A month ago, a xenophobic application that promised clean the mobile of any Chinese app, but it was removed because of insecurity”. Available in:

[5] According to public information in this case, it is pointed out that even political propaganda could have been generated, even based on false facts.

[6] Further information:

[7] For more information:

[8] Free translation of: Don't ban Tiktok, make an example of it. Further information:

[9] idem.

- Advertising Notice-
María del Pilar Segura
Lawyer from the Pontificia Universidad Católica del Perú (PUCP). I am interested in topics related to Competition Law, Data Privacy and Digital Regulation. I believe in freedom with responsibility. Contact:


1,954Happy fans


*All fields are required
es Spanish