Fears about TikTok’s policy changes point to a deeper problem in the tech industry

Fears about TikTok’s policy changes may be exaggerated, but they highlight a deeper issue in the tech industry regarding user trust and data privacy.
The new terms of service and privacy policy went into effect on January 22, 2026, following the app’s sale from ByteDance to TikTok USDS Joint Venture LLC, a majority American-owned company that will control U.S. users’ data and content.
Many users were concerned about changes in the new policy, such as the collection of sensitive personal information like sexual orientation and immigration status, but these changes are not significantly different from previous policies.
The concerns about TikTok’s policies are also linked to broader issues with tech companies’ communication and user trust, particularly in an era of low trust in both Big Tech and government.
Rebuilding trust in the stewardship of data is a more important challenge than simply making data privacy policies more legible; it requires companies to address users’ concerns and demonstrate transparency and accountability.

Users' fears about TikTok might be a bit off the mark, but nonetheless justified. Noushad Thekkayil/NurPhoto via Getty Images

A little over a year after TikTok temporarily went dark in the United States and users were greeted with a message explaining that “a law banning TikTok has been enacted,” those same U.S. users opened the app to find a pop-up message requiring them to agree to new terms before they could continue scrolling.

The new terms of service and privacy policy went into effect on Jan. 22, 2026, following the app’s sale from ByteDance to TikTok USDS Joint Venture LLC, a majority American-owned company that reportedly will control U.S. users’ data and content and the app’s recommendation algorithm.

People see this kind of pop-up all the time, and according to research, the “biggest lie on the internet” is that people ever read anything before clicking “agree.” But given many users’ unease about the ownership change – including fears of swapping Chinese surveillance for U.S. surveillance – it is unsurprising that this time, people paid attention. Screenshots of legal language spread quickly online, accompanied by warnings about sweeping new data collection.

I’m both a TikTok content creator and a tech ethics and policy researcher who has studied website terms and conditions, especially whether people read them (they don’t) and how well they understand them (they also don’t). When I saw the outrage on social media, I immediately dove down a terms of service and privacy policy rabbit hole that had me tumbling into the wayback machine and also looking at similar policies on other apps and TikTok’s policies in other countries.

In the end, I discovered that in the most widely shared examples, the language that sounded most alarming had either hardly changed at all or described practices that are fairly standard across social media.

Some changes aren’t really changes

Consider the list of “sensitive personal information” in TikTok’s new privacy policy, which includes items like sexual orientation and immigration status. Many users interpreted this list as evidence that TikTok had begun collecting more personal data. However, this exact same list appeared in the previous version of TikTok’s U.S. privacy policy, which was last updated in August 2024. And in both cases, the language focuses on “information you disclose” – for example, in your content or in responses to user surveys.

This language is in place presumably to comply with state privacy laws such as California’s Consumer Privacy Act, which includes requirements for disclosure of the collection of certain categories of information. TikTok’s new policy specifically cited the California law. Meta’s privacy policy lists very similar categories, and this language overall tends to signal regulatory compliance by disclosing existing data collection rather than additional surveillance.

Location tracking also prompted concerns. The new policy states that TikTok may “collect precise location data, depending on your settings.” This is a change, but it’s also common practice for the major social media apps.

The change also brings the company’s U.S. policy in line with TikTok policies in other countries. For example, the company’s European Economic Area privacy policy has very similar language, and users in the U.K. have to grant precise location access to use a “Nearby Feed” for finding events and businesses near them.

Though apps have other ways to approximate location, such as IP address, a user will have to grant permission through their phone’s location services in order for TikTok to access precise location via GPS – permission that TikTok has not yet requested from U.S. users. However, the new policy opens the door for users having the option to grant that permission in the future.

This CBC report describes the aftermath of the TikTok sale and why many users are deleting the app.

No news does not equal good news

None of this is to say that users are wrong to be cautious. Even if TikTok’s legal language around data privacy is standard for the industry, who controls your data and your feed is still very relevant. Uninstalls for the app spiked 130% in the days following the change, with many users expressing concern about the ties that the new owners have to President Donald Trump – notably Oracle, the company led by Trump supporter Larry Ellison.

It also didn’t help that TikTok’s first week under American ownership was a complete disaster. Severe technical problems – later attributed by TikTok to a data center power failure – happened to coincide with the new ownership announcement, fueling widespread concerns about censorship of content critical of the U.S. government. Perhaps some users remembered that Trump once joked about making the platform “100% MAGA.”

But regardless of what actually happened, at this point distrusting tech companies isn’t exactly irrational.

Clarity and trust

Conflating very real structural risks with unfamiliar sentences in legal documents, however, can obscure what is actually changing and what isn’t. The misleading information about TikTok’s policy changes that spread across social media is also evidence of a well-known design failure: Most tech policies aren’t made to be read.

My own work revealed that these documents are often written at a college or even graduate school reading level. Another analysis once calculated that if every American read the privacy policy for each website they visit for just a year, it would cost US$785 billion in lost leisure and productivity time.

So the discussion about TikTok’s policies is a case study in the deep mismatch between how tech companies communicate and how people interpret risk, particularly in an era of exceptionally low trust in both Big Tech and government. Right now, ambiguity doesn’t feel neutral. It feels threatening.

Instead of dismissing these reactions as overblown, I believe that companies should recognize that if a huge portion of their user base assumes the worst, that’s not a reading comprehension problem; it’s a trust problem. So writing data privacy policies more legibly is a start, but rebuilding any kind of inherent trust in the stewardship of that data is probably the more important challenge.

Casey Fiesler receives some direct payments from social media platforms for views on her content, including TikTok.

link

Q. Why did TikTok’s users react with concern when they opened the app after the sale from ByteDance to TikTok USDS Joint Venture LLC?

A. Users were concerned about the ownership change, including fears of swapping Chinese surveillance for U.S. surveillance.

Q. What was the main issue that researchers found with the new terms of service and privacy policy on TikTok?

A. Researchers discovered that many users interpreted the language as evidence of more personal data collection than what was actually changing.

Q. Did the new terms of service and privacy policy contain any significant changes to how TikTok collects user data?

A. While some changes were made, such as location tracking, these were not necessarily new practices for social media apps.

Q. Why did users’ unease about the ownership change lead to a spike in uninstalls for the app?

A. Many users expressed concern about the ties that the new owners have to President Donald Trump and his supporters.

Q. What was the cause of severe technical problems on TikTok’s first week under American ownership?

A. The problems were attributed to a data center power failure, which coincided with the new ownership announcement.

Q. How do researchers believe companies should address users’ concerns about trust in their data stewardship?

A. Companies should recognize that if a huge portion of their user base assumes the worst, that’s not a reading comprehension problem; it’s a trust problem.

Q. What is one way to improve how tech policies are communicated to users?

A. Writing data privacy policies more legibly and clearly can help reduce confusion and mistrust.

Q. How much time would be lost if every American read the privacy policy for each website they visit for just a year?

A. According to an analysis, it would cost US$785 billion in lost leisure and productivity time.

Q. What is one common design failure that contributed to the spread of misleading information about TikTok’s policy changes on social media?

A. Most tech policies are written at a college or graduate school reading level, making them difficult for users to understand.