The news: Internal documents reveal a disturbing practice within TikTok's parent company, ByteDance. Employees have been sharing user data, including personal information and potentially illegal content, on Lark, an internal communication platform akin to Slack, according to reporting from The New York Times.
This report comes just a day after Surgeon General Vivek Murthy warned about potential detrimental impacts of social media on young people's mental health and well-being. Murthy’s warnings weren’t directly about TikTok—but the platform has been in the news more than other younger-skewing apps of late.
Why it matters: Despite TikTok's efforts to dissociate its US operations from ByteDance and shift American user data to domestic servers under Project Texas, this latest incident counters TikTok's assurances; reports suggest the data exposed on Lark was stored on servers in China until recently.
How agencies might respond: This news raises new security concerns and has broader implications for TikTok's market position, potentially providing an opening for competitors like YouTube Shorts and Instagram Reels.
Our take: Exposing sensitive user information like credit card details or driver's license numbers poses a greater threat than potential Chinese spying, as it could draw the attention of malicious actors. Such recurrent breaches cast doubt on TikTok's internal operating procedures, pointing to a systematic neglect of user privacy and security.