The developing TikTok chronicle actually consists of two linked developments: First, the aggressive plans of TikTok (and parent company ByteDance) to expand its current business, while also pushing rapidly into other social media business opportunities; and second, the implications, both businesswise and politically, of the current national security investigation by the Committee on Foreign Investment in the United States (CFIUS).

Globally, ByteDance and TikTok are targeting their growth in East and South Asia, particularly large countries such as India and Indonesia. India is a rapidly developing success story, as TikTok downloads over the past two years have exceeded 400 million users in the country (four times as many as in the US). Unemployed teenagers form a major cohort of users, as they have few outlets for entertainment and tend to avoid English language outlets such as Facebook and Instagram. Since they enjoy little privacy in their lives, they do not worry about security. There has been some backlash from governments in Asia, but largely stemming from issues of lax security against child predators and violations of Hindu norms.

ByteDance has pledged to invest $1 billion in India over the next few years “through expansion and the construction of a data center.” As a number of outside observers have recently noted, TikTok’s success in emerging markets such as India and Indonesia will determine its future even if it encounters major obstacles in the US.

Finally, with regard to international competition, ByteDance, with TikTok in tow, is following another well-worn path of social media companies: they are expanding into different areas of competition. TikTok is moving to provide third-party services by enlisting outside app developers to integrate their content into the TikTok platform. For instance, TikTok users could edit content from Adobe’s Premiere Rush and publish it directly on the TikTok platform. While expanding its reach, these third-party services can present tough privacy issues, as Facebook and others have learned in recent years. Of even greater potential competitive significance in the future, ByteDance, in alliance with TikTok, is about to launch a music streaming app, going head-to-head with services like Spotify and Apple Music.

Over these vaulting ambitions, TikTok and ByteDance face the looming national security judgments of the CFIUS process. In a recent blog, we explored one aspect of the potential CFIUS concerns and action: whether TikTok bowed to China’s Great Firewall of cyber censorship, and whether this constituted grounds for some form of punitive action. A second concern of TikTok’s opponents, particularly in Congress, is data and location privacy — and the possibility that such data could be sent back to Beijing and used to glean vital economic and national security data from TikTok’s users.  In 2008, Congress expanded CFIUS to scrutinize foreign companies investing in the US that maintain “or collect . . . sensitive personal data of United States citizens that may be exploited in a manner that threatens national security.”

But the TikTok case presents difficult and potentially groundbreaking trade-offs for CFIUS and the balance between data privacy, data localization, and national security. In trade negotiations, the US has championed the free flow of data across borders and opposed efforts to confine data within national borders.  “Digital sovereignty” is a Chinese slogan.  And yet with regard to TikTok, Beijing does present serious national security issues, particularly given Chinese laws mandating that Chinese companies bow to any of Beijing’s data demands. Robert Williams of Yale Law School, who has written extensively on these matters, has best summed up the CFIUS TikTok challenge: “As the CFIUS inquiry into TikTok illustrates, US officials are confronting their own distinct set of tensions between economic openness and data control. In navigating this terrain, CFIUS should be one element of a broader strategy that seeks to ensure national security considerations relating to data protection are as targeted and narrowly construed as possible.”

“Targeted and narrowly construed” is indeed the right goal for CFIUS in the TikTok investigation, though it is not clear that US regulators will thread the needle with regard to the competing imperatives of data privacy, data location, and national security.

This article by Claude Barfield first appeared at the Daily Signal.

Image: Reuters.