TikTok Says Some China-Based Employees Can Access U.S. User Data, Outlines Plan for Better Safeguards

TikTok is working on a plan to better safeguard the data of its U.S. users, the company said in an open letter [PDF] to several U.S. Senators that have expressed concern that the China-based app is a national security risk.

tiktok logo
Shared by The New York Times, the letter outlines a multi-pronged undertaking called "Project Texas," aimed at strengthening data security. TikTok says that 100 percent of U.S. user data is stored in an Oracle cloud environment located in the U.S., and it is working with Oracle on more advanced data security controls that will be finalized "in the near future."

TikTok is planning to delete U.S. data from its servers and store information with Oracle exclusively. The company says all data sharing outside of the United States will be pursuant to "protocols and terms approved by the U.S. government."

The broad goal for Project Texas is to help build trust with users and key stakeholders by improving our systems and controls, but it is also to make substantive progress toward compliance with a final agreement with the U.S. Government that will fully safeguard user data and U.S. national security interests. We have not spoken publicly about these plans out of respect for the confidentiality of the engagement with the U.S. Government, but circumstances now require that we share some of that information publicly to clear up the errors and misconceptions in the article and some ongoing concerns related to other aspects of our business.

Concerns over TikTok have heightened over the last two weeks following a BuzzFeed News report that suggested TikTok engineers in China had access to the data of U.S. users between September 2021 and January 2022. "Everything is seen in China," said one TikTok employee in recordings reviewed by BuzzFeed, with the recordings also referencing a "Master Admin" engineer in China who "has access to everything."

Given the concerns over U.S. data access, the United States Federal Communications Commission earlier this week asked Apple and Google to remove TikTok from their app stores because of a "pattern of surreptitious data practices."

TikTok in its letter confirmed that some China-based employees are indeed able to access data from U.S. TikTok users, "subject to a series of robust cybersecurity controls" overseen by a U.S.-based security team. TikTok says that it has an internal data classification system and approval process in place that assign levels of access based on the sensitivity of the data. It will work with the Biden Administration going forward to continue to limit data access.

In response to a question on why TikTok does not plan to block all U.S. user data from the view of employees in China, TikTok said that "certain China-based employees will have access to a narrow, non-sensitive set of TikTok U.S. user data" in order to ensure global interoperability. Employees will also be able to develop the TikTok video recommendation algorithm using U.S. data, though training of the algorithm will be limited to Oracle's servers.

TikTok promises that access will be "very limited" and will not include "private TikTok U.S. user information." TikTok says that it has not been asked to provide data to the Chinese government, and would not provide data if the CCP requested information.

Apple and Google have not as of yet responded to the FCC's request to remove the TikTok app from their app stores.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: TikTok

Top Rated Comments

Think|Different Avatar
12 months ago
Nope. You simply cannot trust them.
Score: 52 Votes (Like | Disagree)
Villarrealadrian Avatar
12 months ago
Get it off the stores already!
Score: 34 Votes (Like | Disagree)
antiprotest Avatar
12 months ago

TikTok says that it has not been asked to provide data to the Chinese government, and would not provide data if the CCP requested information.
Wait, really? Even Apple would comply like a good little ?.
Score: 20 Votes (Like | Disagree)
Hastings101 Avatar
12 months ago
Should have let Trump ban it. Add it to the list of national security concerns like ZTE, Huawei, and all the others
Score: 17 Votes (Like | Disagree)
jz0309 Avatar
12 months ago
what a surprise ...
Score: 17 Votes (Like | Disagree)
kesenwangs Avatar
12 months ago

That's not true.

Apple is adhering to local laws in terms of hosting Chinese data within China, but that's not the same thing as just freely handing over data at CCP's request.
This response is also simply not true. Apple has previously removed encryption technology ('https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.amp.html') used elsewhere because it wouldn’t be allowed in China, so there’s not really a need to “freely hand over data” at the CCP’s request anyways. No business entity has a choice in this matter.
Score: 16 Votes (Like | Disagree)

Popular Stories

google drive for desktop1

Google to Roll Out New 'Drive for Desktop' App in the Coming Weeks, Replacing Backup & Sync and Drive File Stream Clients

Tuesday July 13, 2021 1:18 am PDT by
Earlier this year, Google announced that it planned to unify its Drive File Stream and Backup and Sync apps into a single Google Drive for desktop app. The company now says the new sync client will roll out "in the coming weeks" and has released additional information about what users can expect from the transition. To recap, there are currently two desktop sync solutions for using Google...