TikTok has outlined in a letter to US senators how it plans to keeping the data it holds on US citizens separate from Chinese parent company ByteDance, over national security concerns.
The app is one of the most popular social media services, with more than 1 billion users worldwide, and counts the US as its biggest market.
It has been under investigation by the Committee on Foreign Investment in the United States (CFIUS) since 2020 amidst a trade war with China initiated by then-President Donald Trump.
Trump ordered ByteDance to divest its US TikTok operations to a third company, but that deal never went through after current president Joe Biden took office in 2021.
“We know we are among the most scrutinised platforms from a security standpoint and we aim to remove any doubt about the security of US user data,” said TikTok chief executive Shou Zi Chew in the letter.
Chew, a Harvard Business School graduate who is also ByteDance’s chief financial officer, said the company is planning “new advanced data security controls that we hope to finalise in the near future”.
He said the company would operate the US app entirely from servers controlled by Oracle, with the set-up audited by a third party.
US users’ personal information would also be stored at Oracle instead of on TikTok’s own servers, he said.
Last month BuzzFeed News reported that ByteDance still had access to the US data as recently as January of this year and that the company was finding it difficult to separate off the American data.
Following the report nine US senators wrote to TikTok about its practices, and the letter is in response to their query, TikTok confirmed in a statement.
An FCC commissioner also last month urged Apple and Google to remove TikTok from their app stores.
Chew said in the letter that ByteDance employees in China should only get access to TikTok data when “subject to a series of robust cybersecurity controls and authorisation approval protocols overseen by our US-based security team”.
He reiterated that the company hopes to soon be able to delete US users’ data from its servers.
“We have not spoken publicly about these plans out of respect for the confidentiality of the engagement with the US government, but circumstances now require that we share some of that information publicly to clear up the errors and misconceptions in the article and some ongoing concerns related to other aspects of our business,” Chew wrote.
He made it clear that ByteDance employees in China would still be working on TikTok, for instance to develop the algorithm that feeds personalised video recommendations to users.
But Oracle would ensure that “training of the TikTok algorithm” would happen only on Oracle’s servers.
Senator Marsha Blackburn of Tennessee, one of the US senators who wrote to TikTok last month, said in a statement that Chew’s letter proved that fears about the Chinese Communist Party’s influence on TikTok and ByteDance “were well founded”.
She said TikTok “should have come clean from the start but instead tried to shroud their work in secrecy”, adding that the company should testify again before Congress.
Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…