TikTok has quietly expanded its data collection practices in the United States, introducing precise GPS-based location tracking and cross-site advertising capabilities just days after ByteDance spun out a new American entity designed to satisfy federal regulators.
The privacy policy updates, which greeted users with mandatory consent prompts in mid-January, mark a significant shift for the social media platform. Where TikTok previously stated it “did not collect precise location data” and relied only on approximate positioning through SIM cards and IP addresses, the company now reserves the right to gather exact GPS coordinates from its 177.5 million US users.
The timing has raised eyebrows among privacy advocates. The policy changes arrived within days of TikTok USDS Joint Venture’s formation, a restructuring that placed 80.1 percent of the platform under American ownership through investors including Silver Lake, Oracle, and sovereign wealth fund MGX. ByteDance retained a 19.9 percent stake in the arrangement, crafted to avoid a federal ban that would have taken effect without divestiture.
Yet the new privacy terms make clear that data will continue flowing to global operations. The policy explicitly states that information sharing with international entities will enable an “interoperable experience” across TikTok’s worldwide infrastructure, raising questions about whether the corporate restructuring achieved meaningful separation from Chinese parent company ByteDance.
National security experts remain unconvinced. As one analyst told PBS, the fundamental issue extends beyond data collection itself. The real vulnerability, they argued, lies in algorithmic control over what content gets amplified or suppressed, with Beijing likely maintaining influence over those decisions despite the ownership changes.
The privacy overhaul extends beyond location services. TikTok now conducts cross-site tracking through pixel trackers embedded across third-party websites, enabling the company to follow users across the internet for targeted advertising. Consumer Reports analysis found that 13 of 14 network contacts initiated by TikTok connected to third-party trackers, placing the platform’s surveillance capabilities on par with Meta and Google.
These trackers monitor even people who have never installed TikTok, collecting browsing data for aggregated analytics reports sold to advertisers. The practice mirrors tactics employed throughout the technology industry, where invisible data collection has become standard operating procedure.
The updated policy also discloses potential processing of highly sensitive personal information, including citizenship status, immigration details, and sexual orientation. The revelation carries particular weight given the current political climate surrounding immigration enforcement and LGBTQ rights.
Privacy advocates argue TikTok should not shoulder blame alone. “TikTok is just one app in a vast commercial surveillance ecosystem that has been allowed to grow unencumbered over the past two decades due to the lack of a U.S. privacy law,” according to a statement from the Electronic Privacy Information Center.
Caitriona Fitzgerald, EPIC’s deputy director, noted that “location tracking has become common across social media,” emphasizing that TikTok “like most U.S. tech companies, collects a huge amount of data about us both while users are on the app and via trackers on other websites.”
For now, precise location tracking remains disabled by default and will require explicit user opt-in when activated. But the infrastructure is in place, and the permissions have been secured through the mandatory consent screens that users must accept to continue accessing the platform.
The developments underscore a broader tension in American technology policy: heightened scrutiny of foreign-owned platforms occurs against a backdrop of domestic companies engaging in nearly identical data practices, all operating without comprehensive federal privacy legislation to establish clear boundaries.
