Search results for: Tik Tok

On Tuesday, January 17, 2023, the University of Texas at Austin announced that it has blocked TikTok access across the university’s networks. According to the announcement to its users, “You are no longer able to access TikTok on any device if you are connected to the university via its wired or WIFI networks.” The measure was in response to Governor Greg Abbott’s December 7, 2022, directive to all state agencies to eliminate TikTok from state networks. Following the directive, the University removed TikTok from university-issued devices, including cell phones, laptops and work stations.

Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and many have already implemented a ban, with others considering similar measures. There is also bi-partisan support of a ban in the Senate, which unanimously approved a bill last week that would ban the app from devices issued by federal agencies. There is already a ban prohibiting military personnel from downloading the app on government-issued devices.

The bans are in response to the national security concerns that TikTok poses to U.S. citizens [View related posts].

To date, 19 states have issued some sort of ban on the use of TikTok on government-issued devices, including some Executive Orders banning the use of TikTok statewide on all government-issued devices. Other state officials have implemented a ban within an individual state department, such as the Louisiana Secretary of State’s Office. In 2020, Nebraska was the first state to issue a ban. Other states that have banned TikTok use in some way are: South Dakota, North Dakota, Maryland, South Carolina, Texas, New Hampshire, Utah, Louisiana, West Virginia, Georgia, Oklahoma, Idaho, Iowa, Tennessee, Alabama, Virginia, and Montana.

Indiana’s Attorney General filed suit against TikTok alleging that the app collects and uses individuals’ sensitive and personal information, but deceives consumers into believing that the information is secure. We anticipate that both the federal government and additional state governments will continue to assess the risk and issue bans on its use in the next few weeks.

It is estimated that some 80 million Americans and more than one billion people use TikTok. It is well known that TikTok has a direct connection to the Chinese Communist Party, which is a foreign adversary of the U.S. This week, South Dakota Governor Kristi Noem signed an executive order banning all state workers or contractors from accessing TikTok’s website or app on any state-owned or leased devices. According to Governor Noem, “South Dakota will have no part in the intelligence gathering operations of the Chinese Communist Party.”

Other governors may wish to take note of this bold, yet necessary, move. U.S. federal agencies, including the State Department, Department of Defense, the Transportation Security Administration (TSA), Department of Homeland Security, the U.S. military, and the Pentagon have already banned federal workers from using TikTok. The reason: national security. Yes folks, the use of TikTok and voluntarily allowing the Chinese Communist Party unfettered access to all content in TikTok is a matter of national security.

Commissioner Brendan Carr of the Federal Communications Commission feels strongly that the Committee on Foreign Investment in the United States (CFIUS) should ban TikTok for American users due to national and cybersecurity concerns. According to Carr, he has little confidence in Tik Tok’s ability to properly handle U.S. users’ data, stating that TikTok is “a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data” with a direct connection to the Chinese Communist Party. He has asked Google and Apple to remove TikTok from their app stores. Users I have spoken with do not seem to care about national security or that they are endangering national security while they have fun with the app. We need to collectively understand and heed the warnings of our government and understand the impact, though unintentional or ignorant at best, our actions have on national security. Let’s not wait for the government to ban the use of TikTok; let’s collectively do the right thing: delete the app and stop using the website.

I continue to marvel at how many Americans are using TikTok but are oblivious to the fact that they are being duped by one of our foreign adversaries—the Chinese Communist Party. Folks, listen to and heed the warnings of both state and federal governments on the dangers that the use of TikTok poses to national security. Think about your country instead of yourself and stop using TikTok. It’s a matter of national security.

I am not an alarmist by nature, but the increased mention of TikTok in day-to-day conversations is very concerning, considering the overwhelming warnings about how the Chinese Communist Party is collecting information on Americans. The way to visualize it is to imagine there is a member of the Chinese Communist Party on your shoulder looking at everything you do, tracking your location, accessing your personal and health information and that of your children and other members of your family. We wouldn’t like it if our own government were surveilling us like that. Why are we comfortable with a foreign adversary doing it?

You don’t have to listen to me—just scroll through the articles below—from both sides of the media aisle (this is actually a bipartisan issue)—and get on the collective wagon to voluntarily ban TikTok on a national basis. We can all do this together to spare the government from having to ban us from harming ourselves or our national security.

The saga started in 2020, when President Trump attempted to ban TikTok in the U.S. with an executive order citing national security concerns. TikTok then pivoted to potentially selling its U.S. business to an American company. That strategy fizzled.

President Biden revoked Trump’s order, but started an investigation into security threats posed by Tik Tok. FCC Commissioner Brendan Carr asked Apple and Google to remove TikTok from their app stores.

Commissioner Carr wants TikTok to be banned for all U.S. users, citing concerns over how TikTok is handling the massive amounts of data it gathers from U.S. users and lingering doubts “that it’s not finding its way back into the hands of the [Chinese Communist Party.”

FBI Director Christopher Wray has testified before the Homeland Security Committee of the U.S. House of Representatives that the FBI has ‘national security concerns’ about the use of TikTok by American users. Wray testified that his concerns include “the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so chose, or to control software on millions of devices, which gives it an opportunity to potentially technically compromise personal devices.”

U.S. federal agencies including the State Department, Department of Defense, the Transportation Safety Administration, Department of Homeland Security, the U.S. military and the Pentagon have already banned federal workers from using TikTok.

State governors also are getting into the action to ban the use of TikTok by state workers. The Governor of South Dakota issued an executive order this week banning state workers and contractors from using the app or accessing TikTok’s website from state-issued devices. Enough is enough. Let’s start a grassroots movement to ban the use of TikTok on our own. I urge you to join the movement.

FCC Commissioner Brendan Carr asserted that TikTok poses an “unacceptable national security risk” in a letter to the CEOs of Google and Apple urging the companies to remove the app from their mobile app stores. According to Carr, TikTok’s history of “surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok’s pattern of misleading representations and conduct” should disqualify it under Google’s and Apple’s app store policies.

The popular social media app, owned by Chinese-based company ByteDance, has attracted criticism from security experts for excessive data collection since its 2016 debut. More recently, watchdogs have accused the platform of giving the Chinese government unfettered access to the data it collects. According to the FCC letter, ByteDance “is beholden to the Communist Party of China and required by Chinese law to comply with the PRC’s surveillance demands.”

TikTok has denied cooperating with government surveillance, but has confirmed that employees in China might access American user data.

View the full letter here.

I have never been a fan of TikTok [view related post]. In general, I do not trust any Chinese technology companies because of the influence and requirements the Chinese government wields over them. The Chinese government has been stealing U.S.-based companies’ intellectual property for decades, has required U.S.-based companies to provide computer code in order to do business in China, and represses free speech on social media.

TikTok is a prime example of how important it is to monitor the apps that we and our children download. The newest apps become a craze overnight, everyone starts talking about them, and to be cool, we download them without reviewing the privacy policy and terms of use. Click, click “I agree” and before you know it a foreign government is amassing additional large amounts of data about you or your children that you are freely giving to it.

Unfortunately, many TikTok users are children, and they are even less likely to understand the risks of downloading the app. TikTok is facing as many as 10 lawsuits that allege it has been using facial recognition technology and collecting biometric information of its users, particularly children, without parental consent. The lawsuits were consolidated yesterday in Illinois.

My recommendation is to delete TikTok from your phone and ask your children to do the same. I have been saying this for a long time, and if you don’t care about my recommendation, then consider that the U.S. Senate, which, following approval of a similar bill in the U.S. House of Representatives, unanimously approved a bill yesterday that requires all U.S. government employees to delete the TikTok app from their phones due to national security concerns. It is expected that the President will sign the measure into law. Now this is what bipartisan cooperation is all about. At the moment, the law only applies to federal workers, but it is a sound measure that private citizens may wish to consider.

The President will no doubt sign the bill into law as TikTok is in his crosshairs as well, and he has stated that he is on a mission to ban TikTok from the U.S.

Following in the footsteps of almost two dozen attorneys general in other states, Kentucky Attorney General Russell Coleman filed a lawsuit on July 17, 2025, against Chinese online shopping platform Temu, alleging that it unlawfully collects Kentuckians’ data, violating their privacy, and counterfeiting “some of Kentucky’s most iconic brands.”

The complaint alleges that Temu:

  • Illegally collects users’ data without their knowledge and consent;
  • Allows unfettered access of that data to the Chinese Communist government;
  • Steals the intellectual property of U.S.-owned companies, including some of Kentucky’s most iconic brands including the University of Kentucky, University of Louisville, Buffalo Trace Distillery and Churchill Downs; and
  • Uses forced labor from Chinese ethnic minorities in clear violation of U.S. trade policies.

According to the Attorney General’s press release, Temu in 2023 became “the most-downloaded mobile app in the U.S.” The lawsuit alleges that Temu is owned by a Chinese holding company, PDD Holdings, which offered the app Pinduoduo, which has been banned from U.S. based app stores “for being malware. The Temu app shares a significant amount of its code with the original Pinduoduo app and has a documented relationship with the Chinese Communist Party.”

The Attorney General alleges that Temu “can infect Kentuckians’ devices with malware, steal their personal data and send it directly to the Chinese government. At the same time, they’re eroding trust in some of Kentucky’s most iconic brands, which could lead to job losses and hardship.”

Similar to the state lawsuits against TikTok, we anticipate that more states will focus their consumer protection regulatory eyes on Temu and its collection and use of consumers’ data in the coming months. For more information on Tik Tok’s lawsuits, refer to our previous blogs. I

n the meantime, consumers may wish to consider the allegations set forth in Attorney General Coleman’s complaint before downloading Temu, which raises similar concerns as TikTok.

Businesses that run consumer-facing websites have spent the past several years contending with a steady stream of California Invasion of Privacy Act (CIPA) demands and class actions aimed at everyday digital tools such as cookies, pixels, and analytics scripts. A recent decision from the Southern District of California, Camplisson v. Adidas Am., Inc., 2025 WL 3228949 (S.D. Cal. Nov. 18, 2025), suggests that this wave is not fading. If anything, it may pick up further in 2026.

CIPA is a California privacy statute that, among other things, limits the interception of communications and the deployment of certain surveillance-style technologies without proper authorization. In the current round of cases, plaintiffs have increasingly trained their focus on CIPA’s prohibition on using “pen registers” and “trap and trace” devices absent a court order or user consent. They argue that common website tracking technologies function like modern equivalents of these wiretap-adjacent tools. The stakes are high because CIPA allows statutory damages of up to $5,000 per violation, even without proof of actual harm.

In Camplisson, website users brought a putative class action alleging that Adidas violated CIPA by using two tracking pixels on its website, the TikTok Pixel and Microsoft Bing. According to the complaint, the trackers were placed on visitors’ browsers without consent and collected data including IP addresses, browser information, unique identifiers, and other personal information. Adidas moved to dismiss on two primary grounds; first, it argued that the alleged tracking tools do not qualify as a “pen register” as a matter of law, and second, it contended that users had consented.

The court declined to accept either argument at the pleading stage. Emphasizing what it characterized as CIPA’s deliberately broad language, the court reasoned that a narrow reading of “pen register” limited to tools that capture all outgoing information could undermine the statute’s privacy-protective purpose. The court also held that the consent allegations were deficient based on how the website presented its terms and privacy disclosures. In particular, visitors allegedly had to scroll to the footer to locate links to the online terms and privacy policy, and the website did not present a pop-up, or similar mechanism, requiring users to affirmatively consent before the pixels fired.

From a forward-looking perspective, Camplisson hands plaintiffs a new citation for the proposition that standard website pixels can plausibly qualify as pen registers when they capture identifiers such as IP address information and other alleged personal information. It also offers a template for pleading around consent by highlighting the user’s practical path to notice on the website, and whether any meaningful opt-in occurred before tracking began. Together, those concepts are likely to drive additional pre-suit demand letters and new filings, particularly against companies that primarily rely on footer-based links for notice or that allow pixels to run before any affirmative consent. Longer term, unless appellate courts bring greater clarity or the legislature modernizes this decades-old statutory framework, businesses should plan for continued uncertainty and inconsistent results from courts.

On January 13, 2026, eight United States Senators sent a letter to Alphabet, Meta, Reddit, Snap, TikTok, and X stating that they“are alarmed by reports of users exploiting generative AI tools to produce sexualized ‘bikini’ or ‘non-nude’ images of individuals without their consent and distributing them on platforms including X and others.” The senators requested that the companies provide information and documents relating to policies around deepfakes, non-consensual intimate imagery and non-nude manipulations, governance of AI tools related to “sexually suggestive or intimate content,” and preventative measures to identify and block non-consensual deepfakes. The senators noted that the fake images that are generated and shared without the knowledge or consent of the individuals who are depicted raise “serious concerns about harassment, privacy violations, and user safety.”

The letter was prompted by a Wired Magazine article that “described users taking photos of fully clothed women and using AI chatbots to ‘undress’ them into bikini-clad deepfakes, including by exchanging tips to bypass content filters.”

The letter emphasizes that in late December 2025, “X was filled with requests for Grok, its AI platform, to create non-consensual bikini photos based on users’ uploaded images.” As a result, the platform, xAI, has been sued over sexually exploitative deepfake images that were generated without consent.

The California Attorney General has launched an investigation into xAI over non-consensual deepfake pornography, including those who “facilitate its distribution,” and issued a cease and desist to xAI over the creation and distribution of non-consensual images created by Grok. If you believe you have been a victim of a bikini or non-nude deepfake, contact your state Attorney General’s office.

A class action complaint filed in the Northern District of California on October 17, 2025, alleges that entertainment and arcade franchise Dave & Buster’s Entertainment Inc., misled website visitors about users’ ability to reject cookies and tracking technologies. The lawsuit, brought by two California residents, claims that the Dave & Buster’s website continued to place third-party cookies and transmit user data to advertising partners even after users selected a “Reject All” option on the site’s cookie banner.

How The Alleged Tracking Works

The complaint explains the website’s alleged use of GET and POST requests, which are two common ways browsers communicate with web servers. A GET request is typically used to retrieve information from a website, such as loading a page, while a POST request is used to send information to the website, such as submitting a form. Here, the plaintiffs allege that, despite users opting out of cookies, the website continued to send data about their browsing activity to third parties, including Meta, Google, TikTok, Microsoft, and X (formerly Twitter), through GET and POST these requests, allowing them to receive information about users’ interactions, location, and other website communications.

Cookie Consent and Third-Party Data Sharing

A key complaint allegation is that Dave & Buster’s website presented users with a pop-up banner offering the ability to “Reject All” cookies used for analytics and advertising. However, the complaint asserts that third-party cookies, including those from major platforms, were still stored on users’ devices even after they rejected cookies. These cookies reportedly transmitted a range of information, including browsing history, site interactions, and location data, to external advertising and analytics partners.

Wiretapping and Pen Register Claims

In addition to multiple privacy and fraud claims, the complaint includes causes of action under California’s Invasion of Privacy Act (CIPA), where the plaintiffs claim that the ongoing transmission of user data constitutes a CIPA violation pursuant to both its wiretapping and pen register provisions. The CIPA wiretapping provision prohibits anyone from intentionally intercepting, tapping, or making an unauthorized connection to a telephone or telegraph wire, as well as willfully reading or attempting to read the contents of a communication in transit without the consent of all involved parties. Although this law originally addressed analog phone lines, plaintiffs are increasingly seeking to apply its protection to modern website tracking technologies. In the Dave & Buster’s lawsuit, the plaintiffs claim that information passed from users’ browsers to the website was captured and shared with third-party companies without proper consent, thus constituting wiretapping under CIPA.

The complaint further alleges that Dave & Buster’s violated CIPA’s pen register provisions. A pen register under CIPA is any device or process that records dialing, routing, addressing, or signaling information from electronic communications. CIPA generally prohibit such devices without a court order. Plaintiffs are increasingly asserting that the definition of “pen register” includes internet tracking technologies like software that logs user data and IP addresses. Here, the plaintiffs allege that Dave & Buster’s allowed third parties to use tracking technologies that recorded users’ interactions with the site, again, without proper consent and in contradiction to the “Reject All” consent management option.

Key Takeaways for Organizations

This latest CIPA complaint provides several considerations for companies concerning website compliance:

  • Cookie consent must match practice. If your website allows users to reject cookies or tracking, their choice must be respected in actual practice. Banner options should work as described, not simply appear to offer the user control.
  • Transparency is critical: Companies should clearly disclose what data is collected, how it is used, and with whom it is shared. Businesses should also regularly audit their website’s tracking technologies to confirm compliance.
  • Understand technical flows: It is important for both technical and non-technical teams to have a basic grasp of how tracking technologies function. Internal stakeholders should understand how GET and POST requests, cookies, and third-party scripts work on their sites. Without this foundational knowledge, implementing tracking technologies can inadvertently create compliance issues, even when everyone is acting in good faith.

As plaintiffs and courts look more closely at consent and tracking, companies should be mindful that their website privacy controls aren’t just for show. CIPA litigation continues to evolve, and finding yourself in the middle of such litigation is no one’s idea of fun and games.