By: Casey Reilly

Whether you occasionally scroll through videos on your “For You” page, create content of your own, or avoid downloading the app altogether, chances are that you have heard a thing or two about TikTok.  This video sharing app has quite literally captured the interest of teenagers and lawmakers alike – albeit, for very different reasons.

Within the past two years, TikTok has gained more than a billion users, of which approximately 135 million are located in the U.S.  Amidst this growth, TikTok has been at the center of data privacy and security concerns regarding its connection to China.  TikTok’s parent company, ByteDance, is located in China and operates among other leading Chinese tech companies like Alibaba, Baidu, and Tencent, with little to no competition from U.S. tech companies like Google, Amazon, and Meta.  Lawmakers and regulators in the U.S. have expressed a variety of concerns regarding whether TikTok is handing over American data to the Chinese government.

In 2020, former President Donald Trump issued an executive order that addressed the threats posed by TikTok.  This order largely centered around TikTok’s ability to capture user information, including location data, browsing data, and search histories.  The executive order read, “[t]his data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information – potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail and conduct corporate espionage.”  The White House stated that TikTok was distinct among other social media, including fitness tracking mobile applications, because its terms of service mentioned the ability to share data with its parent company, ByteDance.  The White House expressed concerns regarding the implications this could have among the U.S. and China trade war.  Former President Donald Trump was urging American companies to consider buying TikTok to mitigate some of these security concerns; Microsoft was even in early negotiations on acquiring the video-platform as its first major social media platform.  Although this order effectively aimed to ban TikTok from American users, it was ultimately ineffective in doing so.

In June of 2021, President Biden issued an executive order that revoked and updated the prior Administration’s executive orders concerning TikTok.  Rather than aiming to ban TikTok entirely, this new order directed the Commerce Department to review applications with ties to foreign adversaries and identify any unacceptable risks.  Transactions that involve “heightened risks” are those that “involve apps owned, controlled or managed by people supporting foreign adversary military or intelligence service or when the apps collect sensitive personal data.”

TikTok has consistently maintained that information gathered about U.S. users is maintained in the U.S. and not in China.  However, there has been misleading information surrounding this topic.  Leaked audio from internal TikTok meetings revealed that China-based employees could access nonpublic data from U.S. users.  There are differing levels of access for engineers and admins across TikTok and because the systems are so complex, it can be difficult to identify who has access to what.  An external auditor even claimed, “I feel like with these tools, there’s some backdoor to access user data in all of them.”  Due to this, lawmakers and regulators continuously express concerns about Americans’ privacy.

In September of 2022, members of the Senate Homeland Security and Governmental Affairs Committee questioned TikTok’s chief operating officer, Vanessa Pappas, about the app’s ability to hand over data to Chinese officials.  Ms. Pappas repeatedly insisted that TikTok would not provide American data at the pressure or request from the Chinese government.  She stated that this has never happened in the past and that although they do have employees based in China, ByteDance is a “distributed company” without headquarters and therefore does not have headquarter ties to China.  Ms. Pappas did not provide any direct responses to lawmaker’s inquiries on whether employees based in China have abilities to access American users’ data.  Various senators questioned Ms. Pappas on how the app handles biometric data and if any employees are members of the Chinese Communist Party, but many of these questions also went unanswered.

How is TikTok responding?  They are working alongside the Biden Administration to help mitigate concerns over security exposure.  TikTok has long stored American data on their own servers located in both Virginia and Singapore, but under the draft terms all U.S. user traffic will be directed to Oracle’s Cloud Infrastructure – meaning all American data will be held in the U.S. maintained on Oracle servers rather than by TikTok themselves.  Furthermore, Oracle is expected to monitor TikTok’s algorithms, specifically those that determine recommended content for users, in order to mitigate concerns that China can directly influence the American public.  Lastly, TikTok is making operational changes by establishing a new department that will exclusively consist of U.S. security experts to solely manage U.S. user data.  This department will have direct reporting ties to the U.S. government.  TikTok’s U.S. Security Public Policy expert, Albert Calamug, stated that “[t]his is an important direction from a systems and data security standpoint, and part of our focus on preserving an interconnected experience for our global community while building a security-first culture.”

Although the terms of the deal between the U.S. government and TikTok are not yet finalized, a resolution between the app and the government could set a precedent for future situations involving big data and foreign adversaries.  Perhaps, we will see greater transparency among applications and their data collection policies.  Though TikTok is among the most scrutinized right now, this deal could drastically alter the environment and relationship between big tech and national security.

 

Student Bio: Casey Reilly is a second-year student at Suffolk University Law School.  She is a staff writer on the Journal of High Technology Law.  Prior to law school, Casey received a Bachelor of Science Degree in International Business, with a concentration in Finance, from Bryant University and spent several years working at a financial services institution in Boston.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.