TikTok has updated its privacy policy to permit the collection of precise location data from users in the United States, marking a significant shift from its previous approach, which limited location tracking to approximate data such as SIM card or IP address information.
The change follows the completion of a new corporate structure for TikTok’s U.S. operations, established after investors finalised a deal with ByteDance, the platform’s Chinese parent company. Under the arrangement, TikTok’s American business is now operated as a joint venture, a move shaped by years of political pressure and regulatory scrutiny in Washington over data security and Chinese influence.
According to the revised privacy policy, TikTok may collect precise location data, including GPS-level information, depending on user settings. The company says the feature will be optional, turned off by default, and will require users to explicitly opt in through a prompt. Users will also be able to disable location sharing at any time through their device settings. TikTok has not indicated when the updated permissions will be rolled out to U.S. users.
Before the update, TikTok’s U.S. privacy policy stated that even approximate GPS data was not collected from users running the latest version of the app. The company already gathers precise location information from users in parts of Europe and the United Kingdom through features such as its “Nearby Feed,” which highlights local events and businesses.
The updated policy also expands TikTok’s authority to collect data related to user interactions with its artificial intelligence tools. This includes prompts and questions submitted to AI features, as well as metadata on how, when and where AI-generated content is created.
The U.S. joint venture is led by three managing investors, Oracle, Silver Lake and Abu Dhabi-based investment fund MGX, each holding a 15 percent stake. ByteDance retains a minority share just below 20 percent. Other investors include the Dell Family Office and several international investment firms. Oracle, which will play a central role in the new structure, is responsible for hosting TikTok’s U.S. user data and overseeing the retraining of the platform’s recommendation algorithm within its American cloud infrastructure.
The restructuring follows a 2024 U.S. law that required TikTok to divest its American operations or face a nationwide ban. The legislation was driven by concerns that Chinese authorities could gain access to sensitive data belonging to American users. Enforcement of the law was repeatedly delayed until the joint venture was finalised.
Despite the changes, concerns persist in Congress. Representative John Moolenaar, chair of the House Select Committee on China, has questioned whether ByteDance’s continued minority stake could still allow Chinese influence over TikTok’s algorithm. Democratic Senator Ed Markey has also criticised the lack of transparency surrounding the deal, saying key questions remain unanswered about data security and algorithmic independence.
Lawmakers from both parties continue to scrutinise whether the new structure fully complies with U.S. legal requirements, which prohibit cooperation between ByteDance and the successor entity on the content recommendation algorithm and restrict operational ties between the two companies.
TikTok revamps pay structure to reward top performers amid talent war
