TikTok · TikTok Privacy Policy · View original document ↗

Sensitive Personal Information Processing Under State Privacy Laws

Medium severity Medium confidence Explicitdocumentlanguage Unique · 0 of 343 platforms
Share 𝕏 Share in Share 🔒 PDF
Monitor governance changes for TikTok Create a free account to receive the weekly governance digest and monitor one platform for governance changes.
Create free account No credit card required.
Document Record

What it is

TikTok states that personal information users include in their content or submissions may include legally sensitive categories such as health information, sexual orientation, immigration status, and financial data, and that TikTok processes this information under applicable state privacy law standards.

This analysis describes what TikTok's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

Sensitive personal information categories under CCPA and analogous state laws carry heightened processing restrictions and consumer rights; the policy places responsibility on users for whether they include such information in user content, while disclosing that TikTok may process it.

Interpretive note: The specific processing limitations and user controls for sensitive personal information categories are not detailed in this policy, with health data addressed in a separate document, creating potential gaps that depend on the adequacy of that separate policy.

Clause Stability Stable

0
Changes
3
Months Monitored
May 12, 2026
First Seen
May 22, 2026
Last Seen
This clause type exists across 3350 other provisions on other platforms.

Consumer impact (what this means for users)

If a user's content includes information about their health, religion, immigration status, or sexual orientation, the policy states TikTok processes that information under applicable state law standards; users should consider their privacy settings before posting content containing these categories.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.
  • Delete Your Data
    Submit a data deletion or limitation request through TikTok's Privacy Center if you wish to request removal of sensitive personal information associated with your account.

How other platforms handle this

Strava Medium

We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...

Ledger Medium

At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.

Shein Medium

enableGpcSdk: true, gpcSetting: { privacyPolicyLink: '/Privacy-Security-Policy-a-282.html' }

See all platforms with this clause type →

Monitoring

TikTok has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →
▸ View Original Clause Language DOCUMENT RECORD
"
Information You Provide may include sensitive personal information, as defined under applicable state privacy laws. We process such information in accordance with applicable law, such as to provide the Services and other permitted purposes under state privacy laws, like the California Consumer Privacy Act ("CCPA"). You may choose whether or not you include sensitive personal information in your user content or in other information you voluntarily submit. The type of information that state privacy laws, such as the CCPA, have identified as sensitive personal information include the following: racial or ethnic origin, national origin, religious beliefs, mental or physical health diagnosis, sexual life or sexual orientation, status as transgender or nonbinary, citizenship or immigration status, or financial information.

— Excerpt from TikTok's TikTok Privacy Policy

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

1) REGULATORY LANDSCAPE: CCPA and CPRA establish specific rules for the processing of sensitive personal information, including a right to limit use of sensitive personal information to necessary purposes. Similar heightened protections exist under Colorado, Connecticut, Virginia, and other state comprehensive privacy laws. Washington's My Health My Data Act imposes specific obligations for consumer health data, addressed separately in TikTok's Consumer Health Data Privacy Policy referenced in the document. The CCPA's definition of sensitive personal information is explicitly cited in the policy. 2) GOVERNANCE EXPOSURE: Medium. The policy discloses that sensitive personal information may be present in user content and states it is processed in accordance with applicable law, but the specific processing limitations, consent mechanisms, and user controls for sensitive data categories are not detailed in this policy, with health data addressed in a separate policy document. 3) JURISDICTION FLAGS: California CPRA's right to limit sensitive personal information processing applies to all California users. Washington's My Health My Data Act imposes broad obligations for health-related data that extend beyond HIPAA's scope. Illinois, Texas, and other states with specific sensitive data categories may impose additional obligations. 4) CONTRACT AND VENDOR IMPLICATIONS: Advertisers and analytics partners receiving data from TikTok should assess whether any sensitive personal information categories could be present in the data they receive and whether their use of that data satisfies applicable state law requirements. 5) COMPLIANCE CONSIDERATIONS: Compliance teams should assess whether TikTok's privacy controls and settings provide users with a meaningful ability to exercise CPRA's right to limit sensitive personal information processing, and whether the separation of health data into a distinct Consumer Health Data Privacy Policy creates any gaps in the overall sensitive data compliance framework.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

  • State AG
    State attorneys general in California and other states with comprehensive privacy laws have enforcement authority over sensitive personal information processing requirements
    File a complaint →

Applicable regulations

EU AI Act
European Union
BIPA
Illinois, USA
CCPA/CPRA
California, USA
COPPA
United States Federal
Colorado AI Act
US-CO
Connecticut Data Privacy Act Amendments
US-CT
CAN-SPAM
United States Federal
FTC Act Section 5
United States Federal
GDPR
European Union
Indiana Consumer Data Protection Act
US-IN
Kentucky Consumer Data Protection Act
US-KY
UK GDPR
United Kingdom
Universal Opt-Out Mechanism Expansion 2026
US
VPPA
United States Federal

Provision details

Document information
Document
TikTok Privacy Policy
Entity
TikTok
Document last updated
May 5, 2026
Tracking information
First tracked
March 6, 2026
Last verified
May 12, 2026
Record ID
CA-P-011618
Document ID
CA-D-00033
Evidence Provenance
Source URL
Wayback Machine
Content hash (SHA-256)
759b50c14afbd87fdbb67de0c84317247aebbcd624051498e6df2cb8bd144250
Analysis generated
March 6, 2026 20:31 UTC
Methodology
Evidence
✓ Snapshot stored   ✓ Hash verified
Citation Record
Entity: TikTok
Document: TikTok Privacy Policy
Record ID: CA-P-011618
Captured: 2026-03-06 20:31:56 UTC
SHA-256: 759b50c14afbd87f…
URL: https://conductatlas.com/platform/tiktok/tiktok-privacy-policy/sensitive-personal-information-processing-under-state-privacy-laws/
Accessed: July 4, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
Classification
Severity
Medium
Categories

Other risks in this policy

Related Analysis

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies
Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does TikTok's Sensitive Personal Information Processing Under State Privacy Laws clause do?

Sensitive personal information categories under CCPA and analogous state laws carry heightened processing restrictions and consumer rights; the policy places responsibility on users for whether they include such information in user content, while disclosing that TikTok may process it.

How does this clause affect you?

If a user's content includes information about their health, religion, immigration status, or sexual orientation, the policy states TikTok processes that information under applicable state law standards; users should consider their privacy settings before posting content containing these categories.

Is ConductAtlas affiliated with TikTok?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by TikTok.