The EU's main regulator is studying whether the amendments comply with EU data protection rules. Italy's data protection watchdog issued an official warning to TikTok yesterday, when the Italian watchdog said the planned switch, from asking users' consent to run "personalized" ads, to claiming that it could be based on a "legitimate interest" in Processing data on legal grounds would violate the country's Electronic Privacy Directive and, in its view, the EU General Data Protection Regulation (GDPR).
Under EU law, for a legitimate interest to be a valid legal basis for processing personal data, the data processor must conduct a series of tests to assess: first, whether it has a legitimate purpose for the processing; The third balance test must consider the rights and freedoms of individuals whose information will relate. And the balance test may be the biggest hurdle for TikTok trying to use legitimate interests to run behavioral advertising.
Italian regulators have notified the Irish Data Protection Commission (DPC) of TikTok's possible breach of EU data rules. A DPC spokesperson said that following contact with it yesterday, TikTok has now agreed to put the change on hold for the DPC to analyze. It added that the issue had been raised with all other data regulators in the EU's 27 member states.
Separately, privacy experts questioned the appropriateness of TikTok's behavioral advertising based on legitimate interests. TikTok defended its targeted advertising program, saying: "We believe that personalized advertising provides the best in-app experience for our community, are committed to respecting the privacy of our users, be transparent about our privacy practices, and comply with all relevant regulations."