TikTok postpones update of privacy policy in Europe after Italy warns of GDPR violation


Popular video-sharing platform TikTok agreed on Tuesday to pause a controversial privacy policy update that would have allowed it to display targeted ads based on users’ activity on the social video platform without their consent.

The reversal, reported by TechCrunchcomes a day after Italy’s data protection authority – the Garante per la Protezione dei Dati Personali – warned the company about the change, citing violations of data protection laws.

“The personal data stored on users’ devices should not be used to profile those users and send personalized advertisements without their express consent,” says Garante. said

The formal warning was in response to a revision of its privacy policy that noted that it had historically asked users “consent” for their on-TikTok activity and off-TikTok activity to display personalized ads and therefore intends to stop users from asking for their consent to profile their behavior and process personal data.

“From July 13, 2022, TikTok will rely on its ‘legitimate interests’ as its legal basis to use on-TikTok activity to personalize the ads of users 18 years of age or older,” ByteDance’s company said. said in a message announcing the changes.

The update of the personalized advertising settings applies to users who live in the European Economic Area (EEA), the UK and Switzerland.

De Garante, who said it had launched a fact-finding inquiry, noted that the proposed policy changes are incompatible with the Italian law on the protection of personal data and with the EU ePrivacy Directivewhich regulates the use of cookies, email marketing, data minimization and other aspects of data privacy by requiring a user’s consent before processing such information.

Both legal instruments explicitly state that the consent of the data subjects is the only legal ground for ‘storing information, or gaining access to information already stored, in a subscriber’s or user’s terminal equipment’, the watchdog pointed out.

It added that “processing data on the basis of its ‘legitimate interest’ would be contrary to the current regulatory framework, at least as regards the information stored on users’ devices, and would have all relevant consequences, including in terms of corrective action and fines.”

The Garante’s latest intervention also arrived less than two weeks after it came under scrutiny in the US over concerns that US users’ data had been accessed by TikTok engineers in China, prompting the company to set up new crash barriers.