Forbes’ investigation has found that sensitive business information from advertisers like Amazon, Disney, and the New York Times was widely available to staff at TikTok and ByteDance in the U.S. and China. Employees had access to financial agreements, tax information, customer data, and creative assets, raising concerns about privacy and security issues within the company. The U.S. government has been investigating TikTok’s handling of American data, leading to potential legislation that could ban the app in the U.S. unless ByteDance divests from it.
Employees in TikTok’s advertising division described a chaotic environment where underpaid sales roles were under pressure to meet aggressive revenue goals, leading to questionable sales tactics. Some employees admitted to using advertisers’ information to push their rivals to spend more on TikTok, which they considered unethical. TikTok declined to respond to detailed questions on the matter, and major advertisers like Amazon, Disney, and the New York Times did not provide comments either.
TikTok generated an estimated $20 billion in ad revenue last year, and the company has been pushing advertisers to spend more on the platform. Advertisers provide sensitive business information to TikTok through a tool called “Make More Money,” built by ByteDance as its own version of Salesforce. The tool aids in customer onboarding, contracting, billing, and payments, as well as providing analytics on ad performance and spending. Despite efforts to improve access control, privacy and security issues persisted until recently when the system was separated for the U.S. and China operations.
Forbes obtained documents showing how TikTok has addressed concerns about data security and access controls, with PR-guided talking points regarding Project Texas, data usage, and ByteDance ownership. The changes made to the advertising tool reflect TikTok’s efforts to disconnect from ByteDance’s functions in China, but also highlight the historical struggles with access problems jeopardizing privacy and security. The investigation has shown the extent to which TikTok and ByteDance are entangled, with data accessible by both companies globally.
Access controls were also lax in a separate ByteDance tool called “Ads Integrity,” used to review ads submitted to TikTok. Employees expressed concerns about the privacy implications of advertisers’ sensitive information being widely available, as well as potential misuse of the information to market rival products or gain a competitive advantage. The use of pixels on advertisers’ websites was highlighted as a particularly sensitive issue, as it allows TikTok to access customer transaction data and improve ad performance, raising questions about how ByteDance uses this information.
TikTok has faced scrutiny over its handling of data from advertisers and users, with concerns about privacy, security, and access control raised by employees and sources within the company. While TikTok has made efforts to address these issues, the entanglement with ByteDance has raised broader concerns about data protection and misuse. The ongoing investigation sheds light on the challenges faced by TikTok in maintaining privacy and security standards while also generating revenue through advertising on the platform.
