​​TikTok's user data sharing is an unforced error that could cause marketers to consider reallocating towards Shorts and Reels

The news: Internal documents reveal a disturbing practice within TikTok's parent company, ByteDance. Employees have been sharing user data, including personal information and potentially illegal content, on Lark, an internal communication platform akin to Slack, according to reporting from The New York Times.

  • This issue came to light when personal data of a British TikTok user, who lodged a complaint about another user's behavior, was shared on Lark, making it accessible to ByteDance employees globally. Driver's licenses of US users and potentially illegal content were also visible to ByteDance employees on Lark.
  • This practice, active since at least 2019, undermines TikTok's claims of robust data security and privacy measures.
  • This revelation adds to existing concerns about TikTok's potential security risks and ties to China that have led to the app's ban by various entities, including the state of Montana, universities, government agencies, and the military.

This report comes just a day after Surgeon General Vivek Murthy warned about potential detrimental impacts of social media on young people's mental health and well-being. Murthy’s warnings weren’t directly about TikTok—but the platform has been in the news more than other younger-skewing apps of late.

Why it matters: Despite TikTok's efforts to dissociate its US operations from ByteDance and shift American user data to domestic servers under Project Texas, this latest incident counters TikTok's assurances; reports suggest the data exposed on Lark was stored on servers in China until recently.

How agencies might respond: This news raises new security concerns and has broader implications for TikTok's market position, potentially providing an opening for competitors like YouTube Shorts and Instagram Reels.

  • Although a TikTok ban (or exodus caused by security concerns) would benefit Meta and YouTube, it would pose challenges for agencies primarily using TikTok. Advertising on Meta is costlier, reducing the reach of clients' budgets. However, Reels and YouTube Shorts offer similar features to TikTok, simplifying a potential switch in case of a TikTok ban.
  • Brands prioritize reaching their target demographics and meeting their advertising objectives rather than loyalty to a specific platform. Therefore, agencies targeting Gen Z and millennials, including Movers+Shakers, could transition smoothly to comparable platforms like Reels. As agencies shift toward Meta, comparative assessments of TikTok and Meta will enable brands to evaluate their content performance across both platforms.
  • Other agencies are also hedging their bets: Purpose-driven communications firm Fenton is urging the NGOs and foundations it collaborates with to produce short-form video content that is compatible with YouTube Shorts and Reels, while TikTok-focused agency Gassed has evolved its positioning into a user-generated content firm supporting multiple platforms.

Our take: Exposing sensitive user information like credit card details or driver's license numbers poses a greater threat than potential Chinese spying, as it could draw the attention of malicious actors. Such recurrent breaches cast doubt on TikTok's internal operating procedures, pointing to a systematic neglect of user privacy and security.

  • In fairness, TikTok continues to pledge to improve user data security and plans to introduce a new tool for handling US user data under Project Texas—although no completion date has been set.

"Behind the Numbers" Podcast