TikTok: A threat to Cybersecurity

This blog is inscribed by Poulomi Sen.


TikTok is a social networking service, owned by a Beijing based company named Byte Dance and is used to create and share videos, short lip-sync clips and several audio-visual clips. It has billions of users worldwide and its popularity is spreading worldwide like a virus as it tends to grab the attention of people of all age groups, predominantly children. Children, without having a basic understanding of cyber etiquette and security, uses the app frequently to compete with other users to build up their popularity by gaining maximum likes, comments and followers. In the process, without even being aware of the devastating consequences, they invite several legal issues, which can be life-threatening at times. Steve Huffman, the CEO of Reddit, very recently on Feb 2020, claimed the app to be fundamentally parasitic and called it a “spyware”[i].

Legal issues arising due to the unregulated usage of TikTok

Several complications in recent times have aroused due to the unregulated usage of the app which includes but is not limited to the following mentioned issues:

Violation of privacy:

TikTok, in its privacy policy, collects usage information, IP addresses, a user’s mobile carrier, unique device identifiers, keystroke patterns, and location data, among other data, putting the users’ data privacy at risk. Children and parents, who post their kids’activity, have a propensity to share truthful information regarding their location and identity, which ultimately imposes a severe threat on them. Another security flaw has been detected by Check Point Research in Jan 2020 and it was discovered that hackers can have access to the user’s account using SMS, enabling them to reveal the user’s information[ii].

TikTok, in the very recent times, was fined $5.7 million by US Federal Trade Commission for infringing Children’s privacy rights, underChildren’s Online Privacy Protection Act (COPPA), making it the largest penalty case of Children’s privacy violation in history[iii].

Rule summary of Children’s Online Privacy Protection Act, 1998[iv]:

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.”

Parent’s approval and consent were not solicited prior to extracting information of children below the age of 13, thereby violating the basic principle of COPPA. Nevertheless, it is quite evident that the imposition of this humongous penalty is in consonance with such weak privacy policy. Subsequent to this, TikTok has launched a new product exclusively for kids below the age of 13 and has also introduced parental control over their child’s activity. Also, an initiative is taken to strengthen its privacy policy by imparting knowledge regarding privacy and security matters via tutorials.

In May 2020, an investigation regarding Children’s privacy protections was announced by the Dutch Data Protection Authority whose preliminary results are expected by the end of 2020[v].

It will be examined and scrutinized if the app mentions the way it uses user’s data and also to what extent parent’s approval is required in order to collect, store and use children’s personal data.


Kids nowadays are using the app without being well versed with the notions of cyber-etiquette which has enhanced the number of cyber-crimes such as cyber-bullying and sexual exploitation. Kids nowadays are so inclined towards becoming a “celebrity” by making their content viral that their vulnerabilities to impress their audience are often exploited by sexual predators and paedophiles. The App has features like “For you” and “duet feature” which exposes the content to strangers, thereby amplifying the risk of cyberbullying, racism, child abuse, child pornography and suicides.

Vineet Kumar, the President of Cyber Peace Foundation, a cybersecurity think tank said[vi]:

There have been pressing challenges like exposure to sensitive content, predatory behaviour, and harmful impact on a child’s mental health due to not being able to be as popular as their peers.”

The moderators were instructed by TikTok to suppress posts  and access to videos created  by the unpresentable users having “abnormal body shapes”, “disabled”, “over-weight” “ugly facial looks”, “too many wrinkles,” or residing in “slums and rural fields” and “dilapidated housing”  to prevent cyberbullying[vii].

Indian Cases on China-based company, TikTok

  • PIL [Writ Petition (MD) no. 7855 of 2019] was filed by one S. Muthukumar against the Telecom Regulatory Authority of India, Ministry of Communications, District Collector (Madurai District), Commissioner of Police (Madurai) and the Business Head of TikTok.

A petition was filed by a Madurai-based senior lawyer-cum-social activist directing a ban on Tik-Tok because of the humongous cases of pornography, cultural degradation, child abuse, suicides arising from its excessive usage.

The Madras High Court opined that the “dangerous aspect” of  TikTok is the “inappropriate” content. It also said “there is a possibility of the children contacting strangers directly”, thereby violating privacy. Therefore the High Court on 3rd April 2019, directed the Centre to put a ban on the usage of Tik-Tok, subsequent to which on 17th April, the app was taken off from Apple and Google stores[viii].

However, on 25th April, the ban was lifted as it was observed that instead of putting a ban, stringent statutory guidelines should be framed and offending content should be removed from the app.

  • ShibaniBarik v. State of Odisha[ix]

Noticing the rise in cyber-bullying cases, the Orissa High Court recently laid emphasis on the need for strict regulation of Tik-Tok App as its inappropriate usage has taken several innocent lives by harassing victims.

Justice S.K Panigrahi observed that:

TikTok Mobile App which often demonstrates a degrading culture and encourages pornography besides causing paedophiles and explicit disturbing content is required to be properly regulated so as to save the teens from its negative impact.

The judge in his order has also observed that India lacked a specialized statute to address crimes like cyberbullying effectively, though the various sections of the Information Technology Act, 2000 do cast an obligation upon such companies to take down offensive content and exercise due diligence. He further stressed on the exigency of training investigating officers to deal with such techno-legal issues in an efficient manner.

Procedure of Regulation

Some of the numerable steps that could be taken by the user to limit the access to their content, thereby safeguarding themselves from the adverse effects of the app, are as follows:

  • Setting profile to private
  • Disable “duet feature”
  • Using “Restricted Mode” to put restrictions on comment and content
  • Parent enabling “Family pairing mode”, linking the child’s account to the parent’s account.
  • Sharing minimal personal information
  • Refraining from sharing location
  • Getting well versed with the basics of cyber etiquettes and cyber law.


The users of the app are escalating rapidly amid the lockdown. Children without having an insight into the devastating consequences arising from the unsecured usage of the app tend to create and post videos to increase their popularity. Such acts can lead to cyber-bullying and privacy violations which further has the potential to take one’s life. In order to refrain from taking such risks, the activity of children should be strictly monitored by parents and the necessary steps should be taken in order to safeguard them from the dreadful impacts of the app.

[i] Reddit’s CEO explosively described TikTok as ‘parasitic’ and ‘spyware’, available at,  https://www.businessinsider.in/politics/news/reddits-ceo-explosively-described-tiktok-as-parasitic-and-spyware/articleshow/74336932.cms

[ii]TikTok flaws could have allowed hackers access to user accounts through an SMS, https://tech.hindustantimes.com/tech/news/tiktok-flaws-could-have-allowed-hackers-access-to-user-accounts-through-an-sms-story-2bRiI7rtvIC9GF38h9SHhN.html

[iii]F.T.C. Hits Musical.ly With Record Fine for Child Privacy Violation, available at, https://www.nytimes.com/2019/02/27/technology/ftc-tiktok-child-privacy-fine.html

[iv] Federal Trade Commission, COPPA, 1998 available at, https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

[v]TikTok subject of Dutch Data Protection probe, available at,  https://www.euronews.com/2020/05/12/tiktok-subject-of-dutch-data-protection-probe

[vi]TikTok ban in India, The Indian Express, available at, https://indianexpress.com/article/parenting/family/tiktok-video-app-child-safety-cyber-bullying-5664906/

[vii] Invisible Censorship, The Intercept, available at,  https://theintercept.com/2020/03/16/tiktok-app-moderators-users-discrimination/

[viii] Ban TikTok, its encouraging pornography: Madras High Court to Centre, NDTV, available at, https://www.ndtv.com/india-news/madras-high-court-directs-centre-to-prohibit-downloading-of-tik-tok-app-2017482

[ix]ShibaniBarik vs State of Orissa, 1987 AIR 1265

Leave a Reply

Your email address will not be published. Required fields are marked *