Law firm CEO's analysis reveals TikTok's extensive data collection practices
Recent examination of platform's terms raises concerns across Europe as regulators intensify scrutiny.

A detailed examination of TikTok's Terms of Service by a law firm CEO has revealed the extensive scope of data the platform collects from its users, sparking renewed debate about digital privacy practices. Brett Trembly, CEO of GetStaffedUp and founding partner of Trembly Law Firm, spent five hours reviewing TikTok's terms and shared his findings on X (formerly Twitter) on April 28, 2025, highlighting a range of permissions that many users unknowingly grant when using the app.
The analysis comes months after the European Commission opened formal proceedings against TikTok under the Digital Services Act (DSA) in February 2024, focusing on the protection of minors, advertising transparency, researcher data access, and concerns about addictive design features.
According to Trembly's examination of TikTok's Terms of Service, last updated in November 2023, the platform requires a wide array of permissions that grant unprecedented access to users' devices and personal information. These include access to users' address books, clipboard contents, keyboard inputs, and full camera functionality.
The platform's terms explicitly state: "By submitting User Content via the Services, you hereby grant us an unconditional irrevocable, non-exclusive, royalty-free, fully transferable, perpetual worldwide licence to use, modify, adapt, reproduce, make derivative works of, publish and/or transmit, and/or distribute and to authorise other users of the Services and other third-parties to view, access, use, download, modify, adapt, reproduce, make derivative works of, publish and/or transmit your User Content in any format and on any platform, either now known or hereinafter invented."
This broad license effectively gives TikTok extensive rights over all content uploaded to the platform, extending far beyond what many users might reasonably expect from a social media application.
Section 5 of TikTok's Terms of Service outlines numerous restrictions on user behavior, while Section 7 details the company's rights regarding user-generated content. The terms also specify that users grant TikTok "a royalty-free license to use your user name, image, voice, and likeness to identify you as the source of any of your User Content."
The revelation of these extensive data collection practices comes at a time of heightened regulatory attention. In February 2024, the European Commission opened formal proceedings against TikTok under the Digital Services Act, focusing on four key areas of concern:
- The platform's assessment and mitigation of systemic risks relating to algorithmic systems that may stimulate behavioral addictions or create "rabbit hole effects"
- Measures to ensure privacy, safety, and security for minors
- The reliability of TikTok's searchable repository for advertisements
- Researcher access to public data on the platform
"The safety and well-being of online users in Europe is crucial. TikTok needs to take a close look at the services they offer and carefully consider the risks that they pose to their users - young as well as old," said Margrethe Vestager, Executive Vice-President for a Europe Fit for the Digital Age.
Commissioner for Internal Market Thierry Breton emphasized that "the protection of minors is a top enforcement priority for the DSA. As a platform that reaches millions of children and teenagers, TikTok must fully comply with the DSA and has a particular role to play in the protection of minors online."
TikTok's response to regulatory pressure
TikTok has responded to growing regulatory pressure with several initiatives aimed at improving transparency and safety on its platform. In February 2025, the company published its fourth transparency report under the Digital Services Act, covering the period from July to December 2024.
According to this report, TikTok "proactively removed approximately 18 million pieces of violative content" during this six-month period, with an automated moderation accuracy rate of 99.1%. The report also introduced new metrics on illegal content reports from Trusted Flaggers and out-of-court disputes over content moderation decisions.
More recently, in April 2025, TikTok announced updates to strengthen its approach to platform integrity during the Romanian elections, where the platform had previously faced scrutiny. "As we approach the next round of elections in Romania, today we're announcing updates that strengthen our ongoing work to protect our platform and connect our community to reliable election information," the company stated in a newsroom post.
In March 2025, TikTok also published its fifth transparency report under the EU Code of Practice on Disinformation (COPD), detailing measures taken to combat misinformation, including an expanded fact-checking program covering 23 European languages.
Implications for marketers and users
For marketing professionals who utilize TikTok as part of their digital strategy, these findings create complex challenges. Companies investing in TikTok advertising or content creation must now consider whether their participation inadvertently exposes their own corporate data or contributes to privacy concerns for their audience.
Several social media users responding to Trembly's post noted that TikTok's data collection practices, while extensive, may not differ significantly from those of other major platforms. One user, identified as SEOforDeplorables, commented: "If you're terrified by that, try reading Google's ToS for every one of its products, including 'private' services like Gmail and Google Docs."
Another user, Michael Sanchez, challenged: "Cool. Now do the same for X, Facebook, Instagram. As their TOS's are 3x longer. We look forward to your objective comparison that we all know won't be coming."
These responses highlight a broader debate about data collection practices across major technology platforms, with some suggesting that TikTok's policies, while concerning, may not be significantly different from those of other popular services.
TikTok's technical approach to data and privacy
A closer examination of TikTok's technical documentation reveals how the platform balances its data collection with privacy protections. The company has implemented the Coalition for Content Provenance and Authenticity (C2PA) Content Credentials technology, which enables its systems to recognize and automatically label AI-generated content.
For users concerned about content recommendations, TikTok has implemented features to provide greater user control. According to its Code of Practice on Disinformation report from July to December 2024, users can filter specific words or hashtags from their For You feed and select "not interested" on content they don't wish to see more of.
The platform also offers a "For You refresh" option that enables users to discover entirely new content if they feel their recommendations have become too similar or irrelevant. Additionally, European users can turn off personalization entirely to see non-personalized content in their feeds.
For researchers, TikTok provides access to platform data through its Research API, Virtual Compute Environment (VCE), Commercial Content API, and Commercial Content Library. During the second half of 2024, TikTok received 148 applications from researchers in the EU and EEA to access these research tools.
Privacy, regulation, and platform evolution
As digital privacy concerns continue to shape the technology landscape, platforms like TikTok find themselves navigating increasingly complex regulatory environments. The European Union's Digital Services Act, which fully came into effect in February 2024, represents one of the most comprehensive attempts to regulate online platforms and their data practices.
Growing public awareness of data collection practices may lead to increased scrutiny of platform choices by both consumers and brands. Marketing strategies will need to account for potential backlash against platforms perceived as compromising user privacy, while also addressing the technical requirements of effective digital engagement.
For TikTok users, the findings serve as a reminder of the importance of reviewing and understanding the permissions granted to apps. While the platform offers entertainment and creative opportunities for its 159 million European users, these benefits come with trade-offs in terms of data sharing and privacy.
Timeline
- November 2023: TikTok updates its Terms of Service with extensive data collection provisions
- February 2024: European Commission opens formal proceedings against TikTok under the Digital Services Act
- March 2025: TikTok publishes fifth transparency report under EU Code of Practice on Disinformation
- April 28, 2025: Brett Trembly, law firm CEO, posts detailed analysis of TikTok's Terms of Service after spending five hours reviewing the document
- April 2025: TikTok announces updates to strengthen platform integrity during Romanian elections
- May 1, 2025: Debate continues about appropriate data collection standards across social media platforms