Written supplementary evidence submitted by TikTok (OSB0219)
We thank you for the opportunity to give Evidence before the Joint Committee on 28 October.
In the course of our giving Evidence, there were certain points on which we agreed to provide follow-up responses for the benefit of the Joint Committee. These are set out below.
TikTok is committed to implementing the highest levels of transparency over the data that we collect and the highest industry standards with regard to security and the protection of data.
We collect and process the information that our users give us when they use TikTok. This includes the content they upload, information about their use of the platform and certain technical information - such as the user’s device type and operating system - which is used to deliver TikTok and optimise the way in which the platform functions.
Third party research has found that TikTok collects less data than major competitors and other popular apps, while the former head of National Cyber Security Centre Ciaran Martin said that, while everyone should be aware of data sharing more broadly, the amount of data that TikTok collects was less than other platforms.
During our evidence I explained that TikTok does not operate on a social graph, but rather a content graph. When you open TikTok and land in your For You feed, you're presented with a set of videos curated to your interests, making it easy to find content and creators you love. This feed is powered by a recommendation system that delivers content to each user that is likely to be of interest to that particular user.
We are transparent about the way in which our recommendation system works. In June 2020 we published a newsroom post outlining the way in which content is recommended to users, and what factors contribute to the curation of your For You feed. Recommendations are based on a number of factors, including things like:
● User interactions such as the videos you like or share, accounts you follow, comments you post, and content you create.
● Video information, which might include details like captions, sounds, and hashtags.
● Device and account settings like your language preference, country setting, and device type. These factors are included to make sure the system is optimized for performance, but they receive lower weight in the recommendation system relative to other data points we measure since users don't actively express these as preferences.
All these factors are processed by our recommendation system and weighted based on their value to a user. A strong indicator of interest, such as whether a user finishes watching a longer video from beginning to end, would receive greater weight than a weak indicator, such as whether the video's viewer and creator are both in the same country.
At TikTok we have gone a step further in our commitment to transparency. In June 2020 we launched our Transparency and Accountability Centre in Los Angeles, and in April 2021 we announced plans for our European Transparency and Accountability Centre in Dublin. The Centres provide experts with an opportunity to visit and see first-hand how teams at TikTok go about the critically important work of securing our community's safety, data, and privacy.
Through this direct observation of our practices, experts have an opportunity to learn about our moderation systems, processes, and policies. This includes detailed insight into our recommendation technology, and our commitment to data privacy and security, as well as:
● How we use technology to keep our community safe
● How our trained content review teams make decisions about content based on the policies in our Community Guidelines
● The way human reviewers supplement our moderation efforts using technology to help catch potential violations of our policies
● Ultimately, how the content allowed on the platform aligns with our values
The Committee also expressed interest in the prevalence of different types of risk on our platform. TikTok produces quarterly Community Guideline Enforcement Reports, detailing the content removed from our platform, the reasons for this removal, and wider context on our enforcement trends.
In Q2 2021 81,518,334 videos were removed globally between April - June for violating our Community Guidelines or Terms of Service, which is less than 1% of all videos uploaded on TikTok. Of those videos, we identified and removed 93.0% within 24 hours of being posted and 94.1% before a user reported them. 87.5% of removed content had zero views, which is an improvement since our last report (81.8%).
● 41.3% of videos were removed for violating our minor safety policy
● 20.9% of videos were removed for violating our policies on illegal activities and regulated goods
● 14% of videos were removed for violating policies concerning adult nudity and sexual activities
● 7.7% of videos were removed for violating our violent and graphic content policy
● 6.8% of videos were removed for violating our policies on harassment and bullying
● 5.3% of videos were removed for violating policies concerning suicide, self harm and dangerous acts
● 2.2% of videos were removed under our hateful behaviour policies
● 1.1% of videos were removed for violating our violent extremism policy
● 0.8% of videos were removed for violating policies on integrity and authenticity
The Committee expressed particular interest at our efforts to remove dangerous challenges from the platform. Dangerous challenges fall under our Community Guidelines on suicide, self harm and dangerous acts. In the second quarter of 2021 we removed 94.2% of videos under this policy before they were reported to us, 90.8% within 24 hours and 81.8% before they had received a single view.
In the course of our Evidence, Baroness Kidron OBE asked a specific question as regards our written submissions on the point of complaints processes.
Clause 15 of the draft Bill addresses reporting and redress duties, and specifically sub-section 15(4) lists the kinds of complaints that individuals could make, which cover a range of circumstances and potential impacts for users (both content creators and viewers), as well as non-users. It is our view that the current drafting risks conflating the following related but distinct issues under the heading “complaints”: (i) reports of harmful content; (ii) appeals of content moderation decisions taken; (iii) subsequent complaints in relation to the foregoing; and (iv) complains in relation to range of other matters (such as alleged non-compliance with various duties).
Accordingly, we consider that that the specific obligations regarding reporting and redress duties could be further clarified and simplified - but without reducing safety - as follows:
● By separating out reporting of suspected harmful content from appeals of content moderation decisions (otherwise there is a risk of duplication and confusion with the obligation under ss15(2));
● By expressly introducing a separate concept of “appeals” whereby users and non-users can appeal a content moderation decision (with the possibility of overturning that decision, if appropriate); and
● if the Joint Committee considers it appropriate, by having a separate complaints process whereby users or non-users can submit a subsequent complaint in relation to the foregoing.
During the course of the hearing the Committee Chair inquired about TikTok data controls. We recently set out our data governance approach for the UK & Europe - this is based on the following:
● First, the importance of storing European user data in Europe - TikTok user data is stored in Singapore and the US. Our Ireland data centre will store UK & EEA user data once operational in late 2022;
● Second, keeping data flows outside of the region to a minimum;
● And third, limiting the number of employees with any access to data only to those who need it to do their job - as part of this, we're continuously reducing both the scope of access such employees have, as well as the number of business functions that need this access in the first place
Some limited and controlled employee data access remains necessary to support the performance - and make their experience of TikTok enjoyable and safe. In this instance, we rely on approved methods for data being transferred from Europe, such as standard contractual clauses. In addition, we employ a range of complementary technical, contractual and organisational measures so that in instances where user data access is required, it's afforded an equivalent level of data protection to that in the EEA and the UK.
During the discussion the Chair also asked about our engineering personnel, and if it “would...be reasonable to assume that more than half” are based in China. Like a lot of international companies in our industry, we have a large engineering team in China. As we have previously announced, in order to better service our local markets we are hiring 3,000 engineers outside of China, including in Europe, and therefore the majority of our engineers will be based outside of China.
Dr Theo Bertram
Annex A: Information TikTok Collects
We collect three categories of information: Information You Provide, Automatically Collected Information, and Information From Other Sources. More detail about each of the categories is provided below.
Information You Provide
● Profile Information. We collect information that you provide when you set up your TikTok account, such as your date of birth, username, email address and/or telephone number, and password. You can add other information to your profile, such as a bio or a profile photo.
● User Content. We collect the content you create or publish through the Platform, including photographs, videos, audio recordings, livestreams, and comments, and the associated metadata (such as when, where, and by who the content was created). We collect User Content through pre-loading at the time of creation, import, or upload, regardless of whether you choose to save or upload that User Content, for example, to recommend music based on the video. We also collect content (such as text, images, and video) from your device's clipboard if you choose to copy and paste content to or from the Platform or share content between the Platform and a third party platform.
● Direct Messages. When you communicate with others using direct messages, we collect the content of the message and the associated metadata (such as the time the message was sent, received and/or read, as well as the participants in the communication). We do this to block spam, detect crime, and to safeguard our users.
● Your Contacts. When you choose to import your contacts, we will collect information from your device’s phone book or your social media contacts. We use this information to help you make connections on the Platform when you are using our “Find Friends” function and to suggest your account to others.
● Purchase Information. We collect your payment card information or other third-party payment information (such as PayPal) where payment is required. We also collect your transaction and purchase history.
● Surveys and Promotions. We collect information you provide if you choose to participate in one of our surveys, promotions, contests, or marketing campaigns or events.
● Information When You Contact Us. When you contact us, we collect the information you send us, such as proof of identity or age, feedback about your use of our Services or information about possible violations of our Terms of Service (our “Terms”), Community Guidelines (our “Guidelines”), or other policies.
Automatically Collected Information
● Technical Information. We collect certain device and network connection information when you access any of our Services. This information includes your device model, operating system, keystroke patterns or rhythms, IP address, and system language. We also collect service-related, diagnostic, and performance information, including crash reports and performance logs. We automatically assign you a device ID and user ID when you use our Platform. Where you log-in from multiple devices, we use information such as your device ID and user ID to identify your activity across devices to give you a seamless log-in experience and for security purposes.
● Location. We collect your approximate location based on your Technical Information (such as SIM card and IP address) to customise your experience and for diagnostics and troubleshooting. With your permission, we may also collect precise location information (such as GPS).
● Usage Information. We collect information about how you engage with our Services, including information about the content you view, how long and how often you use our Services, how you engage with other users, your search history on the Platform, and your settings.
● Content Characteristics and Features. We detect and collect characteristics and features about the video and audio recordings that are part of your User Content, for example, by identifying objects and scenery; the existence or location within an image of a face or other body parts; and the text of words spoken in your User Content. We do this, for example, for content moderation and to provide special effects (such as video filters and avatars) and captions.
● Inferred Information. We infer your attributes (such as age-range and gender) and interests based on the information we have about you. We use inferences to, for example, keep our Platform safe, content moderation, and, where permitted, to serve you personalised ads based on your interests.
Information From Other Sources
● Advertising, Measurement and Data Partners. Advertisers and measurement and data partners share information with us such as mobile identifiers for advertising, hashed email addresses, and event information about the actions you’ve taken on a website or app. Some of our advertisers and other partners enable us to collect similar information directly from their website or app by integrating our TikTok Advertiser Tools (such as TikTok Pixel).
● Third Party Platform Information. If you choose to sign-up for TikTok using a third party platform (such as Facebook or Google), the third party platform will share information such as your email address, user ID, and public profile.
● Integration Partners. When you interact with any third party service (such as third party apps, websites or products) that integrate TikTok Developer Tools, we will receive the information necessary to provide you with features like cross-service authentication or cross-posting. For example, this will happen if you log in to another service with your TikTok account or if you use the TikTok “share” button on a third party service to share content from the third party service to TikTok.
● Others. Other users or individuals may provide us with information about you, including if you are featured or mentioned in another user’s content or direct messages, a complaint or feedback submitted by a third party, or if your contact information is provided to us by another user through our “Find Friends” function.
10 November 2021