TikTok says it is working to ‘safeguard’ US data and national security

Chinese-owned social media app TikTok has sought to reassure US lawmakers over its data practices, amid renewed concerns about the threat to national security if private user information is accessible by Beijing.

In a letter to nine Republican senators dated June 30, TikTok chief executive Shou Zi Chew said the app, which is owned by Beijing-based ByteDance, was working on “compliance with a final agreement with the US government that will fully safeguard user data and US national security interests”. 

The efforts centre around working with US cloud software company Oracle “on new, advanced data security controls”, designed to ensure all American user data is stored in the country, and that “all data sharing outside of the protected enclave in the United States will be pursuant to protocols and terms approved by the US government”, he said.

TikTok is aiming to complete the process, which it has dubbed Project Texas, “in the near future”, he added.

The viral video app, which exploded in popularity among teenagers during coronavirus pandemic-related lockdowns, has been battling security and privacy concerns for several years, amid wider fears that Chinese companies could share American citizens’ data with Beijing for espionage purposes.

President Joe Biden’s administration is reviewing efforts by his predecessor, Donald Trump, to ban the app on national security grounds. The app faces scrutiny from the US Committee on Foreign Investment, or Cfius, a government panel that reviews foreign investment.

TikTok has previously said it does not share American user data with the Chinese government.

However, a BuzzFeed report last month claimed that private US user data was accessible to its China-based engineers as recently as January, and that staffers were finding it difficult to guarantee that would not continue, citing leaked audio from internal meetings.

The report prompted the nine Republican senators to write to Chew last week with questions about TikTok’s security and privacy practices. The senators also suggested that the company had made “misrepresentations” to lawmakers at a congressional hearing last year about whether its data was accessible by China.

A Republican serving on the Federal Communications Commission this week also urged Apple and Google to remove TikTok from their app stores.

In his written response to the senators, first reported by The New York Times, Chew wrote that Chinese TikTok employees can only access US user data “subject to a series of robust cyber security controls and authorisation approval protocols overseen by our US-based security team”. This protocol was being further developed in accordance with US government and Cfius demands, he said.

He said that staffers based outside the US would still be able to develop its software and algorithm, but that this would undergo “third-party vetting”.

Chinese staffers would still have access to “non-sensitive” US user data such as public comments and videos, he said.

In a statement last week, the company said it had migrated default storage for US users’ data to Oracle cloud servers but that it was still using its own US and Singapore data centres for back-up. It added that it expected to delete users’ private data from its own data centres to “fully pivot” to Oracle cloud servers in future.