ConsentMark
Free Scan
TikTok Pixel logo
AdvertisingHigh complexity

TikTok Pixel

by tiktok

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
Yes
Sends PII
No
Cross-site tracking
No
Consent required
Advertising / Marketing
Cookies
_ttp_tt_enable_cookie_tt_sessionIdttclid

Overview

High-scrutiny advertising pixel due to ByteDance's Chinese ownership and the potential for data access by Chinese authorities under national security legislation. Tracks page views, add-to-cart actions, and purchases, sending conversion data to TikTok's ad platform. Multiple EU member states have restricted TikTok on government devices, and European DPAs have raised specific concerns about data transfers. Deploying this tag on a regulated organisation's website requires careful risk assessment beyond standard advertising tag governance.

Detection capabilities

Signature count
2
Detection methods
network
Property types
hostnamepathname

Performance impact

Performance Impact

Script size
70 KB
Requests per page
2

Common mistakes

  • 1Firing the TikTok Pixel before consent is obtained, transmitting browsing data and cookie identifiers to TikTok servers before the user has granted advertising consent
  • 2Not implementing the Events API as a server-side complement, resulting in signal loss from browser ad blockers and ITP restrictions
  • 3Failing to assess the data transfer risk to ByteDance infrastructure, which may involve data processing in jurisdictions without EU adequacy decisions
  • 4Enabling Advanced Matching without understanding that it transmits hashed personal identifiers (email, phone) to TikTok, requiring additional disclosure in the privacy notice
  • 5Not restricting the pixel to specific pages, allowing it to fire across the entire site and collect unnecessary browsing behaviour data

Compliance considerations

The TikTok Pixel sets first-party cookies and transmits event data to TikTok servers. Under GDPR, this constitutes personal data processing requiring explicit advertising consent. Data transfer risks are heightened because ByteDance, TikTok's parent company, is headquartered in China, and European DPAs have raised concerns about potential access by Chinese authorities under the National Intelligence Law. The Italian Garante temporarily banned TikTok in 2021 over age verification concerns, and multiple EU member states have restricted TikTok usage on government devices. Organisations deploying the TikTok Pixel should conduct a transfer impact assessment that specifically addresses the China data access risk, ensure their CMP blocks the pixel until explicit advertising consent is granted, and verify that TikTok's contractual commitments regarding EU data localisation (Project Clover) are sufficient for their risk profile.

Related services

6sense

6sense

AdvertisingLow risk

2 detection signatures

Adjust

adjust

AdvertisingLow risk

3 detection signatures

Adobe Audience Manager

Adobe

AdvertisingLow risk

1 detection signature

Amazon Ads

amazon

AdvertisingLow risk

1 detection signature

Scan your site for tiktok

Run a free Consentmark scan to see how tiktok is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan