The specter of a hostile foreign power accessing user data collected from 150 million Americans has led to calls to ban TikTok in the US. That is, unless China-based parent company ByteDance sells it to a non-China-based owner.
ByteDance and TikTok oppose this proposed solution, insisting TikTok does not answer to the Chinese government.
Instead, TikTok has proposed its own initiatives to safeguard Americans’ data from being accessed by any Chinese entities. The centerpiece of these proposals is Project Texas, which would ensure that all US data is stored on servers run by Oracle, a US-based company.
However, based on TikTok CEO Shou Chew’s appearance before the House Committee on Energy and Commerce on Thursday, Congress isn’t buying TikTok’s claims of independence. And US legislators have no faith in any of TikTok’s proposals.
In their opening statements, Republican committee chair Cathy McMorris Rodgers (R-Wash.) and ranking Democratic member Frank Pallone (D-NJ) expressed disbelief that the Chinese Communist Party (CCP) does not exert influence over TikTok’s management.
TikTok maintains that China does not control the platform and that China’s government does not have access to US user data. And though a link between the CCP and TikTok has yet to be established, there’s plenty of smoke.
McMorris Rodgers asserted that top ByteDance executives, including CEO Liang Rubo and CEO of its China office Kelly Zhang, have ties to the CCP, but she offered no real evidence during the hearing. Chew often communicates with both executives but said he has not communicated with any Chinese government officials in his time as TikTok CEO.
McMorris Rodgers also pointed to a statement by China’s Commerce Ministry that said any sale or divestiture of TikTok would involve an export of proprietary technology and would have to approved by the Chinese government.
“The CCP believes they have final say over your company,” McMorris Rodgers said. “I have zero confidence in your assertion that ByteDance and TikTok are not beholden to the CCP.”
McMorris Rodgers and other committee members also repeatedly cited a report about ByteDance tracking the physical location of Forbes journalists in an attempt to uncover their sources, an incident Chew condemned.
Regardless, the episode stands out as the biggest counterpoint to TikTok’s argument that its Chinese parent company cannot access US user data.
Chew also claimed TikTok no longer collects precise geolocation data on US users (although that change only went into effect on March 21). He also confirmed that older versions of the app still do collect location data if a user hasn’t opted out.
Throughout the hearing, Chew pushed back against the idea that changing TikTok’s ownership would allay concerns about how social media platforms gather user data or how content recommendation algorithms push harmful or misleading content.
“American social companies don’t have a good track record with data privacy and user security,” Chew said. “Look at Facebook and Cambridge Analytica as just one example.”
Instead, Chew offered four commitments on behalf of TikTok: to make user safety, particularly for teenagers, a top priority; to firewall US data from unauthorized foreign access; to resist influence from any government and protect free expression; and to give third-party monitors access to the app’s source code to ensure accountability.
Regarding safety for teenagers, TikTok offers three separate user experiences in the US depending on a user’s age. For under-13s, every piece of content they see is vetted by Common Sense Media, a third-party auditor. These young users are not allowed to comment on videos or send direct messages. They also do not receive personalized content recommendations in their feed and are not served any ads.
However, Rep. Lisa Blunt Rochester (D-Del.) noted that means users as young as 13 are served targeted ads, and the data used to serve those ads could potentially be accessed by the CCP.
Meanwhile, Project Texas, TikTok’s solution for firewalling US user data from foreign access and giving independent monitors access to its code, also fell flat with lawmakers.
Through Project Texas, all of TikTok’s US user data would be stored on servers operated by Oracle, and that data would be protected by US law. Oracle and other third parties would have access to TikTok’s source code, providing a level of accountability that Chew repeatedly stressed no other social platform offers. But he could not answer Rep. Jay Obernolte (R-Calif.)’s question as to whether third parties will be able to review both the app and server code.
Much of the committee’s time was spent citing TikTok’s content moderation failures.
For example, Rep. Kat Cammack (R-Fla.) shared a video that included an explicit threat of violence against the committee and mentioned McMorris Rodgers by name. The post was viewable on TikTok for 41 days and was taken down shortly after it was shown during the hearing.
Chew said TikTok is investing in better content moderation capabilities, but declined to put a dollar amount to that investment.
Ranking member Pallone also attempted to get Chew to give his blessing to a number of additional commitments that are in line with the ADPPA, the proposed national privacy law that has garnered bipartisan support but has yet to be passed by Congress.
In response to Chew’s claim that TikTok does not sell user data to data brokers, Pallone asked him to commit to not selling data to anyone. Chew expressed vague support for “some rules” that would limit all social media companies’ data usage and said he would “get back to” Pallone on the details of who TikTok shares its data with.
Pallone also suggested that TikTok commit to not serving targeted ads to any users under 17, which Chew said the company will consider. He also asked if TikTok would commit to not collecting medical data from its own platform without affirmative user consent or from third parties, both of which Chew claimed TikTok does not do.
Pallone and the rest of the committee ultimately seemed unmoved by TikTok’s attempts at self-regulation, and several members said a national privacy law is the only way to reign in Big Tech’s data collection practices.
“Today, the American people are powerless to stop this invasion of their privacy,” Pallone said. “And we can’t wait any longer to pass comprehensive national privacy legislation that puts people back in control of their data.”