ByteDance

Overview

ByteDance is the parent company of TikTok, one of the world's largest social media platforms with over 1 billion monthly active users. The TikTok Pixel (also called the TikTok Events API in its server-side form) enables advertisers to measure campaign performance, build retargeting audiences, and track conversion events across websites. ByteDance is headquartered in Beijing, China, making data transfer to China a specific regulatory concern distinct from standard EU-US transfer frameworks.

What This Script Does

The TikTok Pixel is a JavaScript snippet that loads the TikTok analytics library and fires conversion events on advertiser websites.

Script Files and Domains

• analytics.tiktok.com/i18n/pixel/events.js — The TikTok Pixel JavaScript library. Loaded from analytics.tiktok.com. Approximately 30–60KB minified.
• Events API endpoint: analytics.tiktok.com/api/v2/pixel/track/ — Receives pixel event payloads.
• ad.tiktok.com — Additional domain used for audience sync and ad attribution lookups.

Cookies Set

• _ttp — TikTok Tracking Pixel cookie. Set as a first-party cookie on the advertiser's domain (via client-side JavaScript). Contains a unique visitor ID used to match website visitors to TikTok users for attribution and retargeting. Persists for 13 months.
• _ttclid — TikTok Click ID parameter stored as a cookie when a user arrives from a TikTok ad click. Used to attribute the visit to a specific ad campaign, ad group, and creative. Persists for 7 days.
• TikTok also reads existing browser cookies and localStorage data as part of its identity matching process.

Data Collected Per Interaction

• Standard events: PageView (all pages), ViewContent (product detail pages), AddToCart, InitiateCheckout, AddPaymentInfo, PlaceAnOrder, CompletePayment
• For each event: page URL, referrer, timestamp, event name, and event-specific parameters (content IDs, content type, currency, value)
• Browser metadata: IP address, user agent, browser language
• TikTok Click ID (ttclid) if the visit originated from a TikTok ad
• Advanced Matching (if configured): hashed email address, phone number, external ID — transmitted alongside pixel events to improve match rates

Advanced Matching and Identity Resolution TikTok's Advanced Matching feature transmits SHA-256 hashed PII (email, phone number) alongside pixel events. This is used to match website visitors to TikTok accounts even when third-party cookies are blocked, improving attribution accuracy across devices.

TikTok Events API (Server-Side) Many advertisers use both the client-side pixel and a server-side Events API integration. Server-side events bypass browser-level tracking restrictions and are sent from the advertiser's server directly to TikTok's API, transmitting hashed PII and IP addresses.

Consent & Compliance

Consent category: Marketing

• GDPR/ePrivacy: The TikTok Pixel requires explicit opt-in consent before loading. The _ttp cookie is a marketing/advertising cookie requiring consent under ePrivacy. Advanced Matching transmits hashed PII to TikTok, constituting data transfer to a third country (China) requiring appropriate safeguards. No EU adequacy decision exists for China, and the EU-US Data Privacy Framework does not cover ByteDance/TikTok. Data transfers rely on Standard Contractual Clauses, but their adequacy for transfers to China has been questioned by multiple European DPAs.
• IAB TCF: TikTok is a registered IAB TCF vendor. Relevant purposes include Purpose 1 (Store and/or access information on a device), Purpose 3 (Create a personalised ads profile), Purpose 4 (Select personalised ads), and Purpose 7 (Measure ad performance).
• CCPA/CPRA: Sharing visitor behavioral data and conversion events with TikTok's advertising platform constitutes "sharing" personal information under CPRA for cross-context behavioral advertising. Opt-out rights apply via a "Do Not Sell or Share My Personal Information" mechanism.
• DPA enforcement: The Irish DPC fined TikTok €345 million in September 2023 for GDPR violations relating to children's data. Multiple EU DPAs have investigated TikTok data transfers to China. Italian, French, and Dutch DPAs have issued warnings about TikTok data processing practices.

Should You Block This Without Consent?

Yes. The TikTok Pixel is an advertising tracking tool that sets persistent identification cookies, collects behavioral and conversion data, and transfers that data to ByteDance infrastructure in China. It must be blocked until explicit marketing consent is granted. Advanced Matching should be disabled by default and only activated after consent is obtained.