TikTok's CEO has written to nine Republican senators to outline new efforts by the popular video app to protect US user data, amid renewed congressional scrutiny of access to that information by employees of its Chinese parent company, ByteDance.

"We know we are among the most scrutinised platforms from a security standpoint, and we aim to remove any doubt about the security of US user data," Shou Zi Chew wrote in the letter, which was dated Thursday and obtained by The New York Times.

Steps taken by the company to address data security concerns included an initiative called "Project Texas", a series of protocols to restrict data access being created in coordination with the US government, Chew wrote.

Do you have questions about the biggest topics and trends from around the world? Get the answers with SCMP Knowledge, our new platform of curated content with explainers, FAQs, analyses and infographics brought to you by our award-winning team.

TikTok had not yet publicised the effort due to the confidentiality of its engagement with the US government, "but circumstances now require that we share some of that information publicly", wrote Chew.

US President Joe Biden last year revoked an executive order by his predecessor that would have paved the way for banning TikTok and Chinese messaging app WeChat. His administration has even sought to educate the US public on its policy priorities via major TikTok influencers.

But the app remains firmly in the crosshairs of federal watchdogs.

Chew indicated in his letter that TikTok remained under a review by the Committee on Foreign Investment in the United States, the government panel that assesses national security risks of foreign investment into or ownership of US entities.

Amid the sustained scrutiny, TikTok has moved all its US user data to cloud servers operated by US cloud computing company Oracle, though it continues to store backups in its own data centres in the US and Singapore. Chew said TikTok expected to eventually delete those backups as it pivoted "fully" to the Oracle platform.

The group of senators had written to Chew earlier this week seeking answers from him, following reporting by BuzzFeed that alleged frequent access by ByteDance staff to TikTok user data, including one engineer who had "access to everything".

Despite congressional testimony by a TikTok executive last year that data access was determined by a US-based security team, BuzzFeed cited numerous employees who said US staff had to turn to China-based colleagues for help in accessing US user data.

Chew said the article contained insinuations "not supported by facts". But he did not deny that employees based in China had access to US user data.

"Employees outside the US, including China-based employees, can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorisation approval protocols overseen by our US-based security team," he wrote.

The level of approval required for such access would be based on the sensitivity of the data in question, Chew added. Oracle would also be involved in screening access requests to "validate compliance" with the new protocols.

Dating back to the administration of former US President Donald Trump, which came close to banning use of the app in the US, much of Washington's scrutiny of TikTok has centred on concerns that Beijing could force the company to surrender sensitive US user data.

Even though TikTok said it was willing to work with foreign governments on "valid" law enforcement requests, Chew wrote in his letter that the company had never been asked to hand over user data to Chinese authorities and would not accede in such a scenario.

"We have not provided US user data to the [Chinese Communist Party], nor would we if asked," he said.

The senior Republican on the Federal Communications Commission (FCC), the US government's communications regulator, this week called on Apple and Google to remove TikTok from their respective app stores, citing concerns raised by BuzzFeed's reporting.

"TikTok's pattern of conduct and misrepresentations regarding the unfettered access that persons in Beijing have to sensitive US user data ... puts it out of compliance with the policies that both of your companies require every app to adhere to as a condition of remaining available on your app stores," FCC commissioner Brendan Carr wrote in a letter to the two tech giants.

Neither Apple nor Google responded to requests for comment about Carr's appeal.

This article originally appeared in the South China Morning Post (SCMP), the most authoritative voice reporting on China and Asia for more than a century. For more SCMP stories, please explore the SCMP app or visit the SCMP's Facebook and Twitter pages. Copyright © 2022 South China Morning Post Publishers Ltd. All rights reserved.

Copyright (c) 2022. South China Morning Post Publishers Ltd. All rights reserved.