TikTok, the popular video-sharing app operated by the Chinese company ByteDance, admitted last week that its Chinese employees can access U.S. user data.
In a letter addressed to several U.S. Senators on Thursday, TikTok CEO Shou Zi Chew decried recent reporting by Buzzfeed that Chinese TikTok employees described having access to U.S. user data. The TikTok CEO said Buzzfeed’s reporting “included allegations and insinuations that are incorrect and are not supported by facts” but still admitted that TikTok employees in China could access U.S. user data in some instances.
Chew described TikTok’s efforts to store all U.S. user data in a U.S.-based cloud storage service, but when asked if TikTok employees in China currently have, or in the past had access to U.S. user data, Chew said, “Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”
“The level of approval required is based on the sensitivity of the data according to the classification system,” Chew added.
Chew wrote his letter in response to questions posed by Sens. Marsha Blackburn (R-TN), Roger Wicker (R-MS), John Thune (R-SD), Roy Blunt (R-MO), Ted Cruz (R-TX), Jerry Moran (R-KS), Shelley Moore Capito (R-WV), Cynthia Lummis (R-WY), and Steve Daines (R-MT) after Buzzfeed’s reporting on Chinese TikTok employees accessing U.S. user data.
The nine senators noted that TikTok has said it has never and would never provide user data to the Chinese government but noted the company’s privacy policy states it can disclose data in response to government inquiries. The senators asked if TikTok has ever disclosed U.S. user data to the Chinese government or its ruling Chinese Communist Party (CCP) and what the company could do to protect user data if the Chinese government ordered it to hand over such data.
“We have not been asked for such data from the CCP. We have not provided U.S. user data to the CCP, nor would we if asked,” Chew replied.
Chew further directed the senators to a resource documenting government requests for user data by country around the world.
TikTok’s plan to store U.S. user data on a U.S. cloud storage system is known as “Project Texas.” According to TikTok, Project Texas will store “protected” data, as defined by the Committee on Foreign Investment in the United States (CFIUS). When asked why TikTok wouldn’t store all U.S. user data in the U.S. so that China cannot access it, Chew said, “China-based employees will have access to a narrow, non-sensitive set of TikTok U.S. user data, such as the public videos and comments available to anyone, to ensure global interoperability so our U.S. users, creators, brands, and merchants are afforded the same rich and safe TikTok experience as
global users.”
“This access will be very limited,” Chew added. “It will not include private TikTok U.S. user information, and it will only occur pursuant to protocols being developed with the U.S. Government.”
U.S. officials have expressed concerns about TikTok for years. In 2019, the Pentagon advised military service members and civilian employees to be careful about using the app, and U.S. military branches went a step further by banning the app in some instances. In 2020, President Donald Trump sought to ban the app in the U.S. or force ByteDance to hand over its U.S.-based operations to a U.S. firm. Last year, President Joe Biden signed an executive order, ending the Trump-era effort to ban the app in the U.S.