Every like you leave, every “blue link” you open, TikTok is watching you. The platform even tracks how long you spend watching each video, all for the purpose of selling your information and profiting off of your data.

It is important that students take action to safeguard their information online in order to protect their privacy from TikTok and other companies, as well as government agencies.

Businesses often collect personal data through customer surveys and by monitoring them through cookies, making a profile of the user with this information. They then compile additional existing data from other companies.

TikTok’s parent company, ByteDance, recently created a new U.S.-based entity, “USDS Joint Venture,” to prevent the social media platform from being banned. USDS Joint Venture is owned by a majority-American board, and controls TikTok in the United States.

This ownership change led to a change in many of TikTok’s terms and conditions, which include collecting information on users’ citizenship status, precise data location and government-issued identification numbers, according to CBS.

While the social media platform was already collecting much of this information before the new 2026 updated policy, the terms and conditions have become more vague as to how this information will be collected and shared, creating new concerns about privacy. 

TikTok’s new policy now states that it can disclose users’ collected information to law enforcement, and also to “regulatory authorities, where relevant”—a classification which includes U.S. Immigration and Customs Enforcement. 

Several privacy laws limit the type of private user information that tech companies may share without a proper subpoena, but ICE has already begun to ask social media companies such as Meta and TikTok for access to this information. 

Furthermore, according to a survey by Javelin Strategy and Research, a research-based advisory firm focusing on the digital space, about 1.7 million children were affected by data breaches in 2022. These data breaches directly enable hackers to find personal data online, according to cybersecurity organization Security.org, opening students to the risks of identity theft, phishing and having their data sold to third-party organizations without their consent. 

According to the Federal Trade Commission, in 2024, Americans lost over $12 billion to identity fraud. As more data on you is collected, these scams only grow more realistic, and you grow more likely to encounter them.  

Many might claim that data collection is useful and beneficial to users because it can help provide a more personalized experience. But this is not always the case. 

For instance, take The College Board. This nonprofit organization sells your data—your name, ethnicity, parents’ education and SAT score—to admission officers, for just 47 cents. Colleges then use this data to send emails to students who may be interested in applying in hopes of receiving (and rejecting) more college applications, artificially lowering acceptance rates.1 While these emails may be personalized to student interests, colleges, for the most part, take advantage of the admissions process for their own benefit instead of promoting student success.

Changing website permissions for location and files, rejecting optional cookies when requested and setting up two-factor authentication on accounts will lower odds of data collection. Students may also delete personal data online through California’s Delete Request and Opt-out Platform.

Protecting personal data is up to the individual. To access DROP, visit privacy.ca.gov/drop.