TikTok says it's storing US data domestically amid renewed security concerns

Rerouting traffic is unlikely to sway those concerned about China's influence.

Anadolu Agency via Getty Images

TikTok says it’s achieved a “significant milestone” toward its promises to beef up the security of its US users’ data. In a new update, the company says it has “changed the default storage location of US user data.”

As the company notes, it had already stored much of its user data in the United States, at a Virginia-based data center. But under a new partnership with Oracle, the company has migrated US user traffic to a new Oracle Cloud Infrastructure.

“Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure,” the company wrote in a blog post. “We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US.” Additionally, TikTok says it has made “operational changes,” including a new department “with US-based leadership, to solely manage US user data for TikTok.”

The moves are part of a longstanding effort by TikTok to address US officials’ concerns over how user data is handled by TikTok and parent company ByteDance. The company has been working to separate US user data so that it’s not accessible to China-based ByteDance as US lawmakers eye legislation to curb the influence of Chinese tech companies.

Still, the new safeguards are unlikely to fully sway critics of TikTok, who say the company still hasn’t addressed all potential concerns about how US user data is handled. In fact, just after TikTok published its blog post, BuzzFeed News published a report that raises new questions about how the company handles the data of its US users.

The report, which was based on hours of internal meetings leaked to BuzzFeed, says that “China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users.” The recordings, which cover a time period between last September and January 2022, offer new details about the complex effort to cut off Bytedance's access to US user data.

The report quotes an outside consultant hired by TikTok to oversee some of the work saying that they believed there was “backdoor to access user data in almost all” of the company’s internal tools. It also quotes statements from several employees who say “that engineers in China had access to US data between September 2021 and January 2022, at the very least.”

It also notes that while data deemed “sensitive,” like users’ birth dates and phone numbers, will be stored in the Oracle servers, other information about US-based users could remain accessible to ByteDance. “ByteDance’s China-based employees could continue to have access to insights about what American TikTok users are interested in, from cat videos to political beliefs,” the report says.

That may not seem as serious as more personal information like birthdays and phone numbers, but it’s exactly the kind of details that some lawmakers in the US have raised concerns about. US officials have questioned whether the app’s “For You” algorithm could be used as a means of foreign influence.

“We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” TikTok said in a statement to BuzzFeed News.