On Wednesday, the State of Indiana filed two lawsuits against TikTok, Inc, the company behind the same name app, and its parent company, ByteDance.
The first suit alleges TikTok’s 12+ rating on the Apple App Store and a “T” for “Teen” rating in the Google Play Store and the Microsoft Store are misleading as minors are repeatedly exposed to inappropriate content generated by the app’s algorithm.
The second suit claims that TikTok violated consumer protection laws by not disclosing that China has access to sensitive user data.
“TikTok is a wolf in sheep’s clothing,” court documents read, echoing what Federal Communications Commission (FCC) Chairman Brendan Carr said about TikTok back in July.
“As long as TikTok is permitted to deceive and mislead Indiana consumers about the risks to their data, those consumers and their privacy are easy prey.”
TikTok declined to comment on the lawsuits; however, its spokesperson, Brooke Oberwetter, was quoted by The New York Times saying, “the safety, privacy, and security of our community is our top priority.” Oberwetter added:
“We build youth well-being into our policies, limit features by age, empower parents with tools and resources, and continue to invest in new ways to enjoy content based on age-appropriateness or family comfort.”
When TikTok CEO Shou Zi Chew attempted to assuage critics by pointing out that US data are hosted on servers managed and controlled by Oracle, an American company, and disputing claims that the Chinese government could access the data, the second suit stated that such statements are “false and misleading.”
“In addition to TikTok’s statements that some China-based employees may access unencrypted US user data, which includes Indiana consumers’ data, TikTok’s privacy policy permits TikTok to share information with ByteDance’ or ‘other affiliate of our corporate group,”” the suit claims. “ByteDance and any affiliates and their employees who are located in China or are Chinese citizens are subject to Chinese law and the oppressive Chinese regime, including but not limited to laws requiring cooperation with national intelligence institutions and cybersecurity regulators.”
Because ByteDance is subject to Chinese law, and TikTok’s privacy policy expressly permits TikTok to share data with ByteDance, TikTok’s statements that Chinese law does not apply to that data are false and misleading.
Banning TikTok is slowly becoming a trend among US states. On Tuesday, Outgoing Maryland Governor Larry Hogan issued a directive forbidding state employees from using several Chinese and Russian equipment and software, citing these present “an unacceptable level of security risk.” These include TikTok, Huawei products, ZTE, Tencent products, Alibaba products, and Kaspersky.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.