Thune, Moran Request FTC Investigation of TikTok Data Practices
The FTC should investigate TikTok’s “consumer data collection and processing practices,” Senate Majority Whip John Thune, R-S.D., and Senate Consumer Protection Subcommittee Chairman Jerry Moran, R-Kan., wrote FTC Chairman Joe Simons Thursday.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
The lawmakers cited a Wall Street Journal article detailing TikTok’s “undisclosed collection and transmission of unique persistent identifiers from millions of U.S. consumers until November 2019.” They noted allegations that owners of the Chinese app discretely collected media access control (MAC) addresses, used commonly for ad targeting purposes, through Google Android’s “operating system under an ‘unusual layer of encryption.’” The FTC and TikTok didn’t comment.
Thune and Moran cited the potential relevance to President Donald Trump’s executive order banning U.S. transactions with TikTok's parent company (see 2008070061). They requested that the FTC investigate any activity involving “these accusations and other possible harmful activities posed to consumers.”
Such MAC collection is usually banned by major app stores like Google’s Play Store, Thune and Moran said. TikTok allegedly collected addresses from “unknowing consumers for at least 15 months and shared this information, bundled with other relevant personally identifiable information, with” parent-company ByteDance “to enable ongoing consumer tracking across accounts and apps,” they wrote.
The lawmakers asked how the FTC related MAC addresses to personally identifiable information in relation to Section 5 of the FTC Act, which governs unfair and deceptive practices. They sought answers on whether TikTok obtained consent and assurances that MAC collection has ended at the company. They asked the agency to describe what conversations the FTC had with third party app store hosts on MAC address collection, noting MAC addresses are considered personally identifiable information under the Children’s Online Privacy Protection Act. They asked if the FTC has fielded complaints of third-party apps collecting MAC addresses “in conflict with app store policies.”
Trump threatened to put TikTok out of business if it doesn’t sell by September. Lawmakers sought State Department briefings (see 2008030027), and legislation recently passed banning the Chinese app from federal devices (see 2008060046). Nebraska banned the app on state devices (see 2008120052).