TikTok biometric data privacy lawsuits in U.S. merged as Microsoft mulls acquisition
Twenty lawsuits alleging biometric data privacy violations by TikTok in federal court have been rolled up into one by a panel of judges, according to NPR.
The suits had been filed over the past year and a half in California, where TikTok’s head office is located, and Illinois, where the Biometric Information Privacy Act (BIPA), one of the nation’s strictest biometrics laws, has resulted in a deluge of litigation. The suits against TikTok allege that facial biometrics and other data are collected from minors by the app and sent to China. TikTok denies the allegations, and says even its backup servers are located in Singapore, not China. TikTok representatives also argue that if the company transfers data to China, it would still not be in violation of any law, Forbes writes.
The company is asking for the suit to be dismissed because the user agreement forces disputes to be arbitrated, rather than settled in court.
Technology experts hired by the plaintiffs say data is none the less being sent to China, specifically servers owned by third parties that cooperate with the government. The allegations also include surreptitious mining of data on the smartphone on which the app resides, with source code obfuscated to hide its purpose.
NPR reports that experts say most smartphone apps collect at least as much data as TikTok.
The combined case will be heard in the U.S. District Court for the Northern District of Illinois by Judge John Z. Lee. Plaintiffs’ lawyers are expected to ask Lee to approve the suit as a national class action, which could involve tens of millions of users in the country.
The legal dispute takes place against a backdrop of threatened closure by the U.S. government if not sold to a U.S. owner by China-based ByteDance. Microsoft has confirmed it has looked into bidding for TikTok. Microsoft says if it acquires the company it will keep all user data within America, though it is worth noting that that would not necessarily make it compliant with BIPA or the California Consumer Privacy Act (CCPA).
Lawyers involved in the case told NPR that a settlement is likely prior to any sale of the company.