IE 11 is not supported. For an optimal experience visit our site on another browser.

TikTok responds to data privacy concerns raised by Republican senators

In a letter, TikTok CEO Shou Zi Chew gave detailed responses to questions posed by Republican senators to the company about data privacy.
A man holding a phone walks past the TikTok, logo at the International Artificial Products Expo in Hangzhou, China on Oct. 18, 2019.
A man holding a phone walks past the TikTok, logo at the International Artificial Products Expo in Hangzhou, China on Oct. 18, 2019.Chinatopix via AP file

TikTok CEO Shou Zi Chew responded in a lengthy letter to the concerns of nine Republican senators about data privacy and access to U.S. user data in China, which they outlined in a June letter to the company.

The senators’ letter, led by Sen. Marsha Blackburn, R-Tenn., expressed concern over a recent BuzzFeed News investigation which indicated that China-based TikTok employees had access to data from U.S. users. NBC News has not independently verified that reporting. TikTok is owned by the Beijing-based company ByteDance and has been a target for Republicans in recent years.

Blackburn’s letter included a series of 11 questions that the senators requested answers to by July 18. In his letter of response, dated June 30, Chew addressed each of the questions in detail.

While acknowledging that Chinese employees do have limited access to U.S. user data, Chew wrote that the “allegations and insinuations” from the BuzzFeed News article are “incorrect and are not supported by facts.”

“[W]e are confident that when you review our responses, you will see that TikTok has not, at any point, misled Congress about our data and security controls and practices.”

The BuzzFeed News report was based on leaked audio from internal TikTok meetings. Chew said that the quotes used by BuzzFeed News came from meetings for TikTok’s long-term initiative called “Project Texas,” which is attempting to fortify TikTok’s data privacy and protect U.S. national security interests.

TikTok announced on June 17 that 100% of U.S. user data will now be stored in the U.S. via Oracle, with some backups held in Singapore. Chew’s letter assures that in addition to the storage of data, TikTok will be working to make all data sharing outside of the U.S. compliant with the terms of the U.S. government.

In the letter, Chew wrote, “Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.” TikTok classifies data based on its sensitivity, and it increases the level of required approval depending on the sensitivity.

Certain nonsensitive data, such as public videos and comments, which are accessible to any user throughout the world, will be accessible to employees not based in the U.S., including China-based employees. This access, however, will still be extremely limited, Chew wrote.

Furthermore, Chew says in his letter that while ByteDance employees may assist in the development of the TikTok algorithm, the algorithm will only be trained on data from the U.S.-based Oracle storage. ByteDance also helps with the hiring of some of TikTok’s key personnel, according to the letter.

“TikTok’s response confirms that our fears regarding [Chinese Communist Party] influence within the company are well-founded,” Sen. Blackburn said in a statement provided to NBC News. “They should have come clean from the start but instead tried to shroud their work in secrecy. Americans need to know that if they are on TikTok, Communist China has their information. TikTok needs to come back and testify before Congress.”

The 2017 National Intelligence Law mandates that Chinese organizations and citizens “support, assist and cooperate with the state intelligence work.” In other words, companies that operate in China can be compelled to provide data to the government.

The letter from Sen. Blackburn includes the questions, “If the Chinese Communist Party asked you for U.S. user data, what is to stop you from providing it? Can the CCP compel you to provide this data, regardless of response? Can they access it regardless of response?”

Chew only partially addressed these questions in his letter, writing, “We have not been asked for such data from the CCP. We have not provided U.S. user data to the CCP, nor would we if asked.”