TikTok, a unit of China’s ByteDance, told U.S. lawmakers that it’s working to safeguard user data in response to concern that its Chinese employees have been able access data on its U.S.-based users.
The social media company sent a letter on Thursday to members of the U.S. Senate acknowledging that employees outside the U.S. could see information on U.S. users, confirming reports of such practices. TikTok said in the memo that it’s now working with Oracle on more advanced data security tools that it hopes to finish building at an unspecified date in the near future.
“Employees outside the U.S., including China-based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team,” TikTok CEO Shou Zi Chew wrote in the memo.
CNBC reported last year that former TikTok employees were concerned about ByteDance’s influence on the popular short video service and the notion that Chinese workers could examine American user data.
TikTok said it’s currently undertaking a major initiative, dubbed Project Texas, intended to “fully safeguard user data and U.S. national security interests.” The company said it’s now storing all U.S. data by default in Oracle’s cloud, reiterating comments made in a recent blog post, which said “100% of US user traffic is being routed to Oracle Cloud Infrastructure.”
“That work puts us closer to the day when we will be able to pivot toward a novel and industry-leading system for protecting the data of our users in the United States, with robust, independent oversight to ensure compliance,” Chew said in the memo.
The agreement with Oracle was forged in 2020, after former President Donald Trump had threatened to ban the TikTok app in the U.S.
Chew said that while ByteDance developed the underlying algorithms that power the app and its Chinese sibling Douyin, the bulk of TikTok’s core technology infrastructure is “separate from Douyin.”
“Our solution with Oracle will ensure that training of the TikTok algorithm only occurs in the Oracle Cloud Infrastructure and will also ensure appropriate third-party security vetting and validation of the algorithm,” Chew wrote.
He added that the Chinese Communist Party (CCP) has not asked the company for access to the data of its U.S.-based TikTok users and that the company would not provide such data to the CCP if requested.