The news: Internal documents reveal a disturbing practice within TikTok's parent company, ByteDance. Employees have been sharing user data, including personal information and potentially illegal content, on Lark, an internal communication platform akin to Slack, according to reporting from The New York Times.
- This issue came to light when personal data of a British TikTok user, who lodged a complaint about another user's behavior, was shared on Lark, making it accessible to ByteDance employees globally. Driver's licenses of US users and potentially illegal content were also visible to ByteDance employees on Lark.
- This practice, active since at least 2019, undermines TikTok's claims of robust data security and privacy measures.
- This revelation adds to existing concerns about TikTok's potential security risks and ties to China that have led to the app's ban by various entities, including the state of Montana, universities, government agencies, and the military.
This report comes just a day after Surgeon General Vivek Murthy warned about potential detrimental impacts of social media on young people's mental health and well-being. Murthy’s warnings weren’t directly about TikTok—but the platform has been in the news more than other younger-skewing apps of late.
Why it matters: Despite TikTok's efforts to dissociate its US operations from ByteDance and shift American user data to domestic servers under Project Texas, this latest incident counters TikTok's assurances; reports suggest the data exposed on Lark was stored on servers in China until recently.
How agencies might respond: This news raises new security concerns and has broader implications for TikTok's market position, potentially providing an opening for competitors like YouTube Shorts and Instagram Reels.