TikTok illegally tracks users' shopping habits and dating app usage

The Austrian-based non-profit privacy organization , the European Digital Rights Centre (noyb) , has filed a formal complaint with the Austrian data protection authority, alleging that TikTok is improperly tracking users' behavior even when they are not using the app. The noyb report points out that information about what items users add to their carts in shopping apps, as well as their use of dating apps, may have been transmitted to TikTok.

TikTok unlawfully tracks your shopping habits – and your use of dating apps
https://noyb.eu/en/tiktok-unlawfully-tracks-your-shopping-habits-and-your-use-dating-apps

The two complaints filed by noyb with the Austrian data protection authorities are as follows:

1. Complaints against TikTok
The complaint revolves around the fact that complainants requested data access from TikTok and received incomplete responses.

2: Allegations of violations regarding the sharing of sensitive data against TikTok, AppsFlyer, and Grindr
The undefined processing of data outside of TikTok, data sharing and the lack of a valid legal basis for such processing constitute violations of Article 9 of the EU General Data Protection Regulation (GDPR) . In particular, noyb points out clear violations regarding the sharing of sensitive data, such as sexual orientation, which the GDPR only allows for in exceptional cases.

TikTok has been fined in the past for violating GDPR and has been criticized for its data privacy practices.

TikTok fined over 800 billion yen for illegally sending EU user data to China - GIGAZINE

In past cases, TikTok has been accused of improperly collecting user data, and according to noyb, TikTok may be tracking users' behavior even when they are not using the app and are using other apps. For example, noyb reported that usage data from Grindr, a dating app serving the LGBTQ community, was being sent to TikTok via AppsFlyer, an Israeli data company.

While users are generally notified about apps tracking their personal data, TikTok has no legal basis for exchanging personal data with third-party apps. Furthermore, tracking that could lead to inferences about sensitive information about a user's sexual orientation or sex life is a specifically protected category under the GDPR, and processing is prohibited except in exceptional cases.

noyb contacted TikTok multiple times, but TikTok initially refused to provide any information about what data was being processed or for what purpose. After repeated inquiries, TikTok acknowledged that it knows which apps users use and what actions they take within those apps, such as adding items to their shopping cart, and that it also collects information about Grindr usage. However, noyb criticized the company for failing to explain the purpose or legal basis of these actions, and for failing to meet the transparency obligations set forth in the GDPR.

noyb argues that not only should these unlawful processing actions be stopped, but that 'effective and dissuasive penalties' should be imposed under Article 83 of the GDPR.