TikTok's Web Browser Embeds Tracking Code in 3rd-Party Websites: Suit
TikTok surreptitiously intercepts the private communications of its users, alleged a Wednesday privacy class action (docket 1:23-cv-01430) in U.S. District Court for Northern Illinois in Chicago.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Plaintiff Melanie Tado of Cook County, Illinois, alleged TikTok intercepted her communications when she used its in-app browser to communicate with third-party websites by using JavaScript code it inserted to record every mouse movement, click, keystroke, URL visited and other electronic communication. The website communications constitute electronic communications under the Federal Wire Tap Act and were copied by TikTok in real time, she alleged.
TikTok uses the intercepted communications as part of its business model that monetizes personal information and data obtained via JavaScript from the website communications, the complaint said. Using “highly invasive and secretive practices,” TikTok unlawfully collects users’ private personal information and monetizes it through advertising, it said. The company generated an estimated $4.6 billion in 2021, it said, citing Business of Apps.
Most website visitors assume their detailed interactions with a website will be used only by that website “and not be shared with a party they know nothing about,” said the complaint, citing a May 2020 report from Cujo AI. Instead, when users browse within the TikTok app, websites are opened by its in-app browser, which is designed to insert JavaScript code into any third-party website users access while using the browser.
In the case of a user who visits a third-party website to make a purchase, the code could intercept, record and copy the user’s name, address, telephone number, data of birth and credit card information, plus the username and password for the third-party website, said the complaint. It could intercept private health information when users visit their healthcare providers’ website, it said.
The plaintiff seeks a judgment enjoining TikTok from continuing “unlawful practices.” It also seeks attorneys’ fees and legal costs, plus statutory, actual, compensatory, consequential, punitive and nominal damages, plus restitution and/or disgorgement of profits “unlawfully obtained.”