The Proposal to Ban TikTok: Shifting Perceptions on Data Use

Recent calls from Congress to ban the TikTok app from Beijing-based ByteDance from U.S. government employees, and more broadly from American citizens phones in general, may or may not come to pass. But the impetus behind the movement represents a sea change in the online data economy’s traditional business model, and any company engaged in the use of customer’s personal information for marketing purposes, should pay close attention to what comes of this proposal and its outcomes.

The Call to Ban

While the bi-partisan ban is clearly politically motivated and driven largely by geopolitical and international security tensions, at the root of the effort to remove the app from American users’ devices is the fear that Americans’ personal information is being collected and used in unseen and potentially harmful ways. So regardless of whether this legislative initiative gains traction and becomes law or not, it’s bringing awareness to both consumers and regulators alike about the use and misuse of consumers personal information.

Consequences for Customer Focused Companies

As all good privacy, IT security, and compliance professionals know, beginning with the GDPR and expanding over the last few years to many other international and U.S. state privacy laws, legal requirements for the stewardship of consumers’ personal information is increasing at a rapid rate. The collection, use, and eventual deletion of customer information needs to be managed in an organized, thoughtful, and increasingly automated manner. Consumer rights are proliferating, and while currently only offered to consumers based on specific geographical jurisdictions, the trend is likely toward an eventual requirement of these rights for all, regardless of legal residence.

Conclusions

The time to act and update, or create, your organization’s personal information data management program is now. Maturity exercises should include reviewing and updating:

• Information management policies and procedures,
• IT systems that map information flows,
• Consent collection and maintenance records,
• Deletion schedules,
• Provisions for providing customer (and in some cases, employee, contractor and applicants) rights to view, access, correct and delete their personal information from your records.
• Among others.

Having robust policies, procedures and staff resources dedicated to these activities will be critical to maintaining current and future customer trust and staying off the radar of regulators increasingly targeted enforcement scans.

For information on how LevelUP can help you with any or all of these requirements, please contact Dave Cohen, Director, at LevelUP Consulting Partners at: dave.cohen@levelupconsult.com, and we’d be happy to set up a free, short consultation to hear about your program needs.