TikTok is a privacy nightmare that I won’t touch - and at work, we are strongly recommended to not install the app on any personal devices. Some of the wording is a little vague, but technically statutorily compliant (especially in the EU).

The disclaimer about data deletion, rectification and disclosure “approvals” isn’t actually quite as nefarious as it seems. GDPR has stipulations that data subjects can only exercise their rights insofar as doing so doesn’t violate someone else’s rights. So it’s conceivable that a data deletion request could result in the unintentional deletion of another users data. But it’s actually more common that access or rectification have potential privacy rights violations and have to be adjudicated to some extent before responding.

NOW, as to whether TikTok abuses that adjudication process outside of CA and EU I can’t say. But if they did and were caught doing so, they could be sued by the FTC under Section 5 - unfair and deceptive business practices.

Expand full comment