US Federal contractors will no longer be able to have TikTok on their personal mobile phones or devices following a new ruling in the US. Could UK public sector contractors be next? And what data does TikTok actually collect about you?
The ban in the US applies to devices regardless of whether the device is owned by the Government, the contractor, or the contractor’s employees (e.g., employee-owned devices that are used as part of an employer bring your own device (BYOD) programme). However, a personally-owned mobile phone that is not used in the performance of the contract is not subject to the prohibition.
What if contractors only use personal mobile phones for email?
In a Holland & Knight report, it was concluded that if a contractor’s employees are using their personal mobile phones to email, Teams message, text message or even talk in relation to a federal contract, then those phones are apparently subject to FAR 52.204-27’s prohibition.
The only personal devices not subject to the TikTok prohibition would be those devices that are not used at all in contract performance. Thus, if a contractor communicates with an employee via that employee’s personal mobile phone to discuss a federal contract, that phone would fall under the TikTok prohibition.
To make sure they are compliant with FAR 52.204-27, US government contractors should take the following actions:
- “Remove TikTok from all contractor IT
- Direct employees using personal devices for contract work to uninstall TikTok from such devices. As a best practice, companies should provide guidance to employees on how to remove the program.
- Identify all devices used in performance of government contracts, including contractor and employee personal devices
- Consult IT professionals on technical solutions to ensure compliance with the above
- Once FAR 52.204-27 is added to existing contracts, contractors should ensure that they flow down this clause to their subcontractors”
Source: Holland & Knight
The move follows a similar one in the UK back in March, which banned TikTok from government-issued/owned electronic devices to inhibit the social media platform from accessing government contacts, user data and the geolocation of workers.
Chancellor of the Duchy of Lancaster Oliver Dowden said:
“The security of sensitive government information must come first, so today we are banning this app on government devices. The use of other data-extracting apps will be kept under review.”
What Data Does TikTok Collect?
TikTok users know, to a certain degree, that the app tracks what they watch, since it serves up more of the content they seem to like. However, hackers might be able to access this data too, along with personal details including your birthdate, your location and even your photo ID. That’s why it is important for users to consider whether using TikTok, like any social media platform, is worth the risk, especially if you have sensitive work information on your mobile phone.
- Personal information: username, password, birthday, email address, phone number, or anything you disclose in your profile bio, according to Security.org. It will also save your profile photo or video, so TikTok will know what you look like if you put your face on there.
- Proof of identity: your birthdate and even photo ID
- User content: TikTok will collect and store any content you create and view, from language preferences to comments and livestreams
- Behavioural information: your likes and dislikes; health-related searches, which can be highly personal and, for some people, not the type of information they want strangers to have access to
- Info from third parties: “TikTok may receive information about you from third-party platforms you cross-use with TikTok,” says Security.org. That means if you sign up using Facebook, for example, TikTok will receive and store your public profile information.
- Technical information: This includes any information about a user’s devices and network, including IP addresses, device IDs, mobile carriers and operating systems. “Basically, TikTok will know what device and network you’re browsing from,” says Security.org.
- Location: This can range from an approximate location using your IP address and SIM card, to your precise location if you allow the app to track your device’s GPS. Check what you have ticked in the app’s settings if you no longer wish the app to follow your location
- In-app purchases: TikTok can’t see your payment information, but it does take a record of the purchases you make, the time of purchase, and the amount you spent.
What’s happening about TikTok for UK contractors?
The UK ban on TikTok has yet to extend to public sector workers’ or contractors’ personal devices, but that could soon change now that the US has issued blueprint legislation called the AI Bill of Rights.
The White House Office of Science and Technology Policy has identified five principles that policymakers believe should guide the design, use and deployment of automated systems to protect the American public in the age of Artificial Intelligence. The development could eventually influence legislation in the UK when it comes to public sector contractors, especially those developing software for government projects.
This Blueprint for an AI Bill of Rights acts as a handbook to provide guidance whenever automated systems can meaningfully impact the public’s rights, opportunities or access to critical needs.
Here are the five principles that were outlined in the AI Bill of Rights:
- People should be protected from unsafe or ineffective systems
- People should not face discrimination by algorithms and systems should be used and designed in an equitable way
- People should be protected from abusive data practices via built-in protections and should have agency over how data about them is used
- People should know that an automated system is being used and understand how and why it contributes to outcomes that impact them
- People should be able to opt out, where appropriate, and have access to a person who can quickly consider and remedy problems they encounter
“The AI Bill of Rights is a step in the right direction to protect the American people,” says Brian Sathianathan, CTO and Co-Founder of Iterate.ai, a developer of AI-powered low-code software intended to accelerate innovation projects within large enterprises.
“Since technology moves at a faster pace than legislation and actions taken by governments, it’s important to provide a broader guideline and stay out of specifics, enabling inventors and technologists to invent along the guidelines,” says Sathianathan.