UPDATE: Nov. 3, 2022, 11:31 a.m. EDT This article has been updated to reflect new information confirming suspicions about China’s access to U.S. and European user data.
Despite the repeated assurances that TikTok’s parent company, the China-based ByteDance, isn’t checking out data collected about users in the U.S. and Europe, it looks like the company absolutely does and can.
According a report from The Guardian on Wednesday, TikTok’s head of privacy in Europe, Elaine Fox, told employees: « Based on a demonstrated need to do their job, subject to a series of robust security controls and approval protocols, and by way of methods that are recognized [sp] under the GDPR, we allow certain employees within our corporate group located in Brazil, Canada, China, Israel, Japan, Malaysia, Philippines, Singapore, South Korea, and the United States, remote access to TikTok European user data. »
We already knew that TikTok employees based in China can see U.S. data. On July 1, TikTok confirmed that employees based in China are able to access U.S. user data through « approval protocols. » According to the New York Times, TikTok CEO Shou Zi Chew provided details about how it plans to keep data about its American users separate from ByteDance, its Chinese parent company, in a letter to nine Republican senators. In that letter, he noted that ByteDance employees in China were able to access TikTok data only through “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.” Chew added, “We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data. »
The nine Republican senators write to TikTok with questions about its practices after a Jun. 17 from BuzzFeed News in which they reviewed recordings containing over a dozen separate statements from nine different TikTok employees showed that engineers in China had access to U.S. data from at least September 2021 through January 2022. One member of TikTok’s Trust and Safety department said, in September 2021, that « everything is seen in China, » according to BuzzFeed News. Apparently, there’s even one Beijing-based engineer who « has access to everything » — they call them a « Master Admin. »
That means former President Donald Trump may have been correct in his assessment of the app when he said in an August 2020 executive order that TikTok’s « data collection threatens to allow » China to « access to Americans’ personal and proprietary information. » TikTok repeatedly said it has never and would never share U.S. user data with the Chinese government.
In response to BuzzFeed News’ investigation, a TikTok spokesperson said the app is « among the most scrutinized platforms from a security standpoint » and that it plans to « remove any doubt about the security of U.S. user data. »
TikTok has already come under fire for its data collection, and this is just another step in yet another app collecting information on its users and doing whatever it pleases with it. It seems being online in 2022 is becoming more and more difficult to do while maintaining some semblance of privacy and data autonomy.