TikTok Admits Chinese Employees Can Access U.S. User Data

US officials have been suspicious about TikTok's privacy functions for a while and they just got a confirmation of their fears.

By Charlene Badasie | Published

This article is more than 2 years old

tiktok

TikTok has admitted that some of its employees based outside the U.S have access to data from American users. The revelation immediately raised concerns about whether that information was being shared with the Chinese government. The declaration was made in a letter from TikTok CEO Shou Zi Chew and was addressed to several Senators who previously questioned the social network’s data-sharing practices.

The admission was prompted by a recent BuzzFeed News investigation into the ByteDance-owned company. Published on June 17th, the report claims to have listened to leaked audio of more than 80 internal TikTok meetings. The recordings were captured from September 2021 to January this year. They include 14 statements from nine employees who met to discuss Project Texas – a classified effort to stop engineers in China from retrieving the data.

Chew condemned the report, saying it included allegations and insinuations that are incorrect and are not supported by facts. He explained how the video-sharing site stores all its American user data in a U.S-based cloud storage service. But the TikTok boss still admitted that staff in China could access local user data in some instances. “Employees outside the U.S., including China-based employees, can have access to U.S. user data,” the letter said.

But Chew assured Senators that their access is subject to a series of robust cybersecurity controls and authorization approval protocols overseen by TikTok’s U.S.-based security team. “The level of approval required is based on the sensitivity of the data according to the classification system,” he added. The CEO also confirmed the social network’s Project Texas program. He explained that it aims to safeguard U.S user data by running TikTok from servers in Texas owned by Oracle, The Daily Mail reports.

The letter also answers 11 questions that the Senators requested answers to by July 18. To that end, Chew said he is confident that when the company’s responses are reviewed, lawmakers will see that TikTok has not, at any point, misled Congress about its data, security controls, and practices. He also states that employees can only access non-sensitive data, like public videos and comments. But he noted that access to this content is extremely limited.

Additionally, the CEO told the Senators that TikTok’s algorithm will only be trained on data from the Oracle storage and the company will ensure appropriate third-party security vetting and validation of the algorithm. Unfortunately, the letter hasn’t managed to ease the overall security concerns. Speaking to NBC News, Senator Marsha Blackburn said that Chew’s response confirms suspicions that their fears regarding Chinese Communist Party influence within the company are real.

Blackburn said the ByteDance company should have come clean from the start. But instead, the social network tried to shroud their activities in secrecy. “Americans need to know that if they are on TikTok, Communist China has their information. TikTok needs to come back and testify before Congress,” The Republican said.

United States government officials have believed that the micro-vlogging site has been “spying” on Americans for a long time. In 2019, the Pentagon warned military service members and civilian employees about using the app. President Donald Trump sought to ban the app in 2020, or force ByteDance to hand over its U.S.-based operations to a local firm.