TikTok on defense after report on foreign access of US user data

<span>Photograph: Mike Blake/Reuters</span>
Photograph: Mike Blake/Reuters

TikTok is seeking to assuage fears over the security of American users’ data on the Chinese-owned platform, after Republican senators and a regulator argued the app poses a national security risk.

The concerns by lawmakers came after BuzzFeed reported last month that China-based employees of TikTok’s parent company ByteDance were repeatedly able to access non-public data of American users.

Nine Republican senators issued a letter to TikTok in response to the BuzzFeed report. And on Wednesday, a Republican member of the Federal Communications Commission (FCC) urged the chief executives of Apple and Google to kick TikTok out of its app stores.

Responding to the senators’ concerns, TikTok told the lawmakers in a letter sent on Thursday that it is working on a final agreement with the Biden administration that would “fully safeguard user data and US national security interests”, according to copy of the letter seen by Reuters.

Related: How TikTok is turning a generation of video addicts into a data goldmine

Shou Zi Chew, TikTok’s chief executive, wrote in the letter the company was working with US cloud computing company Oracle on “new advanced data security controls that we hope to finalize in the near future”.

TikTok’s letter acknowledged that China-based employees “can have access to TikTok US user data” but argued that access is subject to “robust cybersecurity controls and authorization approval protocols overseen by our US-based security team”.

TikTok had announced last month it had completed migrating information on its US users to servers at Oracle but it was still using US and Singapore data centers for backup.

The company said in the letter it expects “to delete US users protected data from our own systems and fully pivot to Oracle cloud servers located in the US”.

Republican Senator Marsha Blackburn, one of the lawmakers who had spoken out, said TikTok “should have come clean from the start but instead tried to shroud their work in secrecy” and urged the company to testify before congress.

Brendan Carr, the FCC commissioner, had argued in his letter to the Google and Apple CEOs that “TikTok is not just another video app”.

“It harvests swaths of sensitive data that new reports show are being accessed in Beijing,” he wrote.

Carr’s request to the tech giants was unusual given that the FCC does not have clear jurisdiction over the content of app stores. The FCC regulates the national security space usually through its authority to grant certain communications licenses to companies.

TikTok is one of the world’s most popular social media apps, with more than 1 billion active users globally, and counts the US as its largest market.

Thursday’s letter came nearly two years after a US national security panel ordered ByteDance to divest TikTok because of fears that US user data could be passed on to China’s government. That order was not enforced after Joe Biden succeeded Donald Trump. The panel, however, known as the Committee on Foreign Investment in the United States (CFIUS), is still conducting a national security review of the company, according to the letter.

“We know we are among the most scrutinized platforms from a security standpoint and we aim to remove any doubt about the security of US user data,” the letter said.

TikTok has said in the past that employees in China have data access to US user data. In a 2020 blogpost Roland Cloutier, TikTok’s chief information security officer, said: “Our goal is to minimize data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the EU and US.”