In a letter to nine United States (US) senators, TikTok, the wildly popular social media platform, admitted that its China-based employees have access to American user data.
Shou Zi Chew, the company’s CEO clarified that user data shared with China-based employees is subject to a series of "robust cybersecurity controls and authorization approval protocols" overseen by a US-based security team.
This comes shortly after Brendan Carr, a Republican member of the Federal Communications Commission (FCC) asked Google and Apple to remove TikTok from their app stores over concerns that the app could share data of Americans with China.
‘Pattern of Surreptitious Data Practices'
Carr believes that TikTok isn’t just an app for sharing funny videos or memes and has called on Apple and Google to remove the app from their app stores for "its pattern of surreptitious data practices."
"At its core, TikTok functions as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data," he wrote in his letter.
Carr pointed to a recent BuzzFeed report that showed that China-based employees of ByteDance “have repeatedly accessed nonpublic data about U.S. TikTok users" on the basis of leaked audio from more than 80 internal TikTok meetings.
While TikTok has stated that it does not share data with the Chinese government, there's a possibility that Beijing can still access the data by forcing China-based employees to secretly hand it over.
"TikTok’s response confirms our fears about the CCP’s influence in the company were well founded,” Republican Senator Marsha Blackburn told Bloomberg.
“The Chinese-run company should have come clean from the start, but it attempted to shroud its work in secrecy. Americans need to know if they are on TikTok, Communist China has their information," she added.
Since the FCC is not involved in regulating app stores, Carr's request does not mean much on its own, but it does represent growing pressure on the Chinese business from top officials.
Parallels to India's TikTok Ban
In his letter, Carr also pointed towards India's ban of TikTok.
"India, the world's largest democracy, has already banned TikTok on national security grounds for stealing and surreptitiously transmitting user data in an unauthorized manner," he said.
The Government of India banned 59 mobile apps including TikTok, UC Browser and SHAREit in June 2020, calling them "prejudicial to sovereignty and integrity of India, defence of India, the security of the state and public order."
The Ministry of Information Technology said it had received several complaints and reports about Chinese apps for stealing and surreptitiously transmitting users’ data in an unauthorised manner to servers that have locations outside India.
"The compilation of this data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures," it added.
Since this ban came amid a face-off between India and China in Ladakh’s Galwan Valley, many criticised this as a political move.
Like in its letter to US senators, TikTok at the time insisted that Indians' data wasn't being shared with the Chinese government, but the recent revelations lend more weight to the Indian government's concerns.
TikTok Lays Out a Privacy Plan
TikTok has a solution in mind. In the letter, the CEO explained that the company would operate the app from servers controlled by the US-based cloud computing giant Oracle, subject to third-party auditing.
The personal information of American users will also be stored with Oracle, rather than on TikTok’s own servers.
"We are still using our US and Singapore data centers for backup, but as we continue our work to deliver on US data governance, we expect to delete US users' protected data from our own systems and fully pivot to Oracle cloud servers located in the US," he wrote.
Carr does not believe this will make a difference as long as data is still accessible in China.
“TikTok has long claimed that its US user data has been stored on servers in the US, and yet those representations provided no protection against the data being accessed from Beijing,” he wrote.
His views are echoed by Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, who told Buzzfeed that "physical location does not matter if the data can still be accessed from China."
Another point of concern is that ByteDance employees in China would still be working on TikTok to develop its algorithm that makes personalised video recommendations to users. This could potentially leave millions of Americans vulnerable to the soft influence of the Chinese government.
(With inputs from Bloomberg and Buzzfeed.)
(At The Quint, we question everything. Play an active role in shaping our journalism by becoming a member today.)