It looks like China does have access to U.S. TikTok user data
UPDATE: Jul. 2, 2022, 3:18 p.m. EDT This article has been updated to reflect new information confirming suspicions about China’s access to U.S user data.
Despite the repeated assurances that TikTok’s parent company, the China-based ByteDance, isn’t checking out data collected about users in the U.S., it looks like the company absolutely does and can.
On Jul 1, TikTok confirmed that employees based in China are able to access U.S. user data through “approval protocols.” According to the New York Times, TikTok CEO Shou Zi Chew provided details about how it plans to keep data about its American users separate from ByteDance, its Chinese parent company, in a letter to nine Republican senators. In that letter, he noted that ByteDance employees in China were able to access TikTok data only through “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.” Chew added, “We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data.”
The nine Republican senators write to TikTok with questions about its practices after a Jun. 17 from BuzzFeed News in which they reviewed recordings containing over a dozen separate statements from nine different TikTok employees showed that engineers in China had access to U.S. data from at least September 2021 through January 2022. One member of TikTok’s Trust and Safety department said, in September 2021, that “everything is seen in China,” according to BuzzFeed News. Apparently, there’s even one Beijing-based engineer who “has access to everything” — they call them a “Master Admin.”
In response to BuzzFeed News’ investigation, a TikTok spokesperson said the app is “among the most scrutinized platforms from a security standpoint” and that it plans to “remove any doubt about the security of U.S. user data.”