We announced back in June that TikTok had confirmed its plans to make its new data portability API available for UK users.
We are excited to reveal that TikTok has now delivered on this commitment. TikTok’s data portability API is now functional for users in the UK as well as the EEA (screenshot below taken from this developer page).
What is TikTok’s data portability API?
In March 2024, TikTok introduced a new API to enable data portability for its users in the EEA to transfer their TikTok data directly to third party services. This was in response to the requirement in Article 6(9) of the Digital Markets Act (DMA), which states:
“The gatekeeper shall provide end users and third parties authorised by an end user, at their request and free of charge, with effective portability of data provided by the end user or generated through the activity of the end user in the context of the use of the relevant core platform service, including by providing, free of charge, tools to facilitate the effective exercise of such data portability, and including by the provision of continuous and real-time access to such data.”
In order to meet the requirement for “continuous and real-time”, TikTok enables its users to authorise third parties to download their data daily, on an ongoing basis.
Developers need to gain approval from TikTok first – click here to get started.
What does this have to do with CODE?
We first contacted TikTok in March and asked for the new API to be made available for UK users, including making individual data portability requests.
TikTok initially rejected our requests for UK access, but signalled that our feedback would be “passed to the relevant teams”.
In April, we made a formal complaint to the ICO, on the basis that TikTok (and also Amazon, Apple and LinkedIn) was in breach of the UK GDPR by refusing data portability requests, where it was demonstrably technically feasible via its new API.
In June, TikTok followed up by email to say that it had in fact taken on our feedback, and decided to implement in the UK after all (screenshot below from TikTok’s email).
It is difficult to know the extent to which any ICO involvement has contributed to this swift turnaround, but regardless, TikTok deserves a great deal of credit for changing course and implementing the change so quickly. This is a great result for the 20M+ TikTok users in the UK!
What next?
There are still three gatekeepers (Amazon, Apple and LinkedIn) that are restricting access to their data portability APIs outside of the EEA. In doing so, and in turn by rejecting UK users requests for direct transfers, they are in breach of UK data subjects rights to data portability. We will keep working, including through engagement with relevant regulatory authorities, to bring the benefits of these new tools to UK consumers as soon as possible.
We are also looking ahead to November, when we expect Booking.com to bring forward its own compliance solution for Article 6(9). If its data portability tool is not immediately made available in the UK, we will begin the same process as we have adopted for the first six gatekeepers.
Finally, please get in touch if you have accessed, or intend to access TikTok’s data portability API. We are gathering feedback from developers on their experience accessing and using the API to inform ongoing monitoring and implementation of the DMA by the European Commission.
Comentários