In August 2021, a TikTok user from Britain reported a disturbing incident on the platform. During her livestream, a man engaged in inappropriate behavior. To address the complaint, TikTok employees used an internal tool called Lark, similar to Slack, to discuss the incident and share the user’s personal data.
Lark, which is used by thousands of employees of TikTok’s Chinese owner, ByteDance, raised concerns because it allowed access to user data, including potentially illegal content. Some TikTok employees expressed alarm about this, as employees in China and elsewhere could easily view the information.
These revelations highlight the data and privacy practices of TikTok and its close ties to ByteDance. It has faced scrutiny over security risks and connections to China. In order to continue operating in the United States, TikTok presented a plan called Project Texas, which aimed to store American user data within the country and limit access to it by ByteDance and TikTok employees outside the United States.
However, there were contradictions regarding the level of access China-based workers had to U.S. user data. TikTok’s CEO downplayed their access, but internal reports and Lark communications revealed otherwise.
TikTok responded to these findings by stating that the documents were outdated and did not reflect their current data handling practices. They claimed to be in the process of deleting pre-June 2022 U.S. user data and making changes to their data management.
The use of Lark, an internal tool used across ByteDance subsidiaries, including TikTok, highlights ByteDance’s oversight of TikTok’s processes. Lark has been used to handle individual account issues and share documents containing personal information since at least 2019.
Instances of mishandled data on Lark included sharing images of identification documents and child sexual abuse materials. TikTok acknowledged these incidents and claimed to have reviewed and addressed them while implementing new processes.
The privacy and security division of TikTok has experienced reorganizations and departures, which may have affected their focus on privacy and security initiatives. The company assured that they have multiple teams working on privacy and security and have invested significant resources in Project Texas, but no completion timeline was provided.
Once Project Texas is finished, TikTok plans to conduct communications involving U.S. user data through a separate internal collaboration tool.
