TikTok tracks people across the web even if they are not users of the app, a new report has revealed.
The viral video platform uses similar data collection tactics to established tech giants like Alphabet (Google) and Meta (Facebook), according to data gathered by nonprofit organisation Consumer Reports.
TikTok receives information including a person’s IP address, their web browsing habits and search history, though some privacy settings can override how much data is tracked.
“I was genuinely surprised that TikTok’s trackers are already this widespread,” said Patrick Jackson, chief technology officer of security firm Disconnect, who was involved in the research.
“The only reason this works is because it’s a secret operation. Some people might not care, but people should have a choice. It shouldn’t be happening in the shadows.”
The Independent has reached out to TikTok for comment on the report.
A spokesperson told Consumer Reports that the data “is not used to group individuals into particular interest categories for other advertisers to target” and only uses the data of people without a TikTok account for “aggregated” reports.
“Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services,” the spokesperson said.
Examples of data reportedly shared with TikTok include information tracked by websites related to domestic violence, birth control and dieting.
TikTok, which overtook Google to become the world’s most popular site last year, said it is currently working with partners to avoid inadvertent transmission of certain kinds of sensitive information, such as data about children or health conditions.
It is not the first time that the app, owned by Chinese firm ByteDance, has faced scrutiny over its data collection practices.
Last month, the UK’s Information Commissioner’s Office served a “notice of intent” to TikTok following an investigation into how the company processed the data of children under the age of 13.
TikTok faces a £27 million fine if found to have been in breach of UK data protection laws.