While TikTok has promised for years that the data of its U.S. users is stored in the United States and not in China, a new investigation by Buzzfeed News found that China-based employees of Bytedance, TikTok’s parent company, have regularly accessed nonpublic user data of U.S. customers.
In the report, titled “The TikTok Tapes,” Buzzfeed News obtained audio from more than eighty internal TikTok meetings. The recordings, per Buzzfeed’s report, “contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least.”
"Everything is seen in China,” one TikTok employee said. Such concerns contributed to then-President Donald Trump’s threats to ban TikTok in the United States and his efforts to broker a sale of the company’s U.S. operations to Oracle. That deal was never finalized, nor was the proposed ban ever implemented.
TikTok released a statement to Buzzfeed. “We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” the company said. “That's why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses."
TikTok is working on an initiative called Project Texas, under which certain data “can no longer flow out of the United States and into China,” Buzzfeed News reported. However, the report also stated that “the vast majority of situations where China-based staff accessed US user data were in service of Project Texas's aim to halt this data access.”
Protocol reported that TikTok is now routing all U.S. user traffic to Oracle’s cloud infrastructure. This is described in the report as “a bid to allay U.S. regulators’ concerns about data integrity on the popular short video app given its Chinese ownership.”
“Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US.,” Albert Calamug, head of U.S. public policy at TikTok, said in a blog post this week. “In addition, we're working closely with Oracle to develop data management protocols that Oracle will audit and manage to give users even more peace of mind,” Calamug added.
However, Engadget noted that such a move is “unlikely to sway those concerned about China's influence.”
Stephen Silver, a technology writer for The National Interest, is a journalist, essayist and film critic, who is also a contributor to The Philadelphia Inquirer, Philly Voice, Philadelphia Weekly, the Jewish Telegraphic Agency, Living Life Fearless, Backstage magazine, Broad Street Review and Splice Today. The co-founder of the Philadelphia Film Critics Circle, Stephen lives in suburban Philadelphia with his wife and two sons. Follow him on Twitter at @StephenSilver.