Study reveals how much data TikTok collects from its younger users

David Murphy

TikTok was the most downloaded social media app in the world in 2020 and is particularly popular with children. In fact, users aged 10 to 19 made up 25 per cent of TikTok’s users in 2021, the largest share of all age groups. With this in mind, cyber security firm VPNOverview.com launched a study to to investigate just how safe children’s data is on TikTok. The study looked at the social network’s privacy policy to establish what types of data it collects from regular users, as well as younger users, aged 12 or less.

For children under 13, TikTok has created a ‘younger users’ version of the app to comply with the Children’s Online Privacy Protection Act (COPPA) that limits what data the app can collect from them. It is not a redesign of the app made for kids, but rather an absence of features from the regular version.

Less data is collected from TikTok’s younger users compared to users aged 13 and over. Younger users also cannot publicly share personal information, including videos or profile details.

Still, the app collects a significant amount of information regardless. According to TikTok’s privacy policy, it collects information such as: name, birth date, username, password, the IP address of the child’s device, browser details and location. VPNOverview.com notes that it s easy for a child to set up a regular TikTok account simply by changing their birth date in which case, much more data will be collected.

What data does TikTok collect?
By default, TikTok collects a lot of data about user activity. It shares this data with third parties, such as business partners, service providers, and advertisers, among others. The following is what TikTok collects about its users on both the regular app and the ‘Younger Users’ version, according to the company’s privacy policy.

For users of all ages, TikTok collects the user’s username and password; date of birth; email and/or phone number. It also collects the device ID; IP address; web browser type and version; location (down to country level); video watches; time in the app; and general usage data.

For users over the age of 13, much more data is collected, including a profile photo, profile video, and any information disclosed on the user’s profile. On the device front, it also collects data relating to the user agent; mobile carrier; time zone settings; identifiers for advertising purposes; model of device; the device system; network type; screen resolution and operating system; app and file names and types; keystroke patterns or rhythms; battery state; audio settings; and connected audio devices.

Location data is more granular too, based on the user’s SIM card and/or IP address, and more precise location data, such as GPS. Additional in-app activity data collected for those aged over 13 includes preferences, list of followers, and list of those the user is following.

For older users, TikTok also collects photographs; audios, and videos the user uploads or creates; comments and livestreams made by the user; and clipboard data. It also collects data on in-app purchases, including purchases made; the date and time when purchases were made; and the amount spent; as well as payment card numbers or third-party payment information, such as PayPal. Finally, for users aged over 13, TikTok collects their phone contact list and Facebook contact list.

VPNOverview.com advises parents to take precautions when setting up an account for a young child, such as using an avatar instead of a selfie for their profile picture, as this is visible to everyone, whether their account is public or private. It also advises going into the privacy security settings to ensure that the child has a private account, so that only users they approve can follow their account and watch videos.

“Ensuring a child’s safety on the internet can be a tedious undertaking. After all, why would a ten-year-old care about data security? Chances are they won’t. They just want to watch funny videos on their phone,” the company said. “We should all stay vigilant and critical about what kind of data these apps are collecting and where they may be using them. ‘Free’ apps and services still need to make money, so if users aren't paying for services, it is likely that they’ll be making money elsewhere – by sharing your data with third parties.”