The social media company accessed the private data of American users on multiple occasions, recordings reveal.
Leaked recordings from 80 company meetings at TikTok revealed that the social media giant has repeatedly accessed the private data of US users, Buzzfeed reported earlier in June. The recordings demonstrated that employees of ByteDance, TikTok’s Chinese parent company, accessed American data in China.
In 14 individual statements, nine TikTok employees indicated that engineers at the company had access to this data for at least five months, from September 2021 through January of this year, a Buzzfeed News review concluded.
The company had previously stated that American data from its app stays within the US. “We store all TikTok US user data in the United States, with backup redundancy in Singapore,” a 2019 statement expressed. “Our data centers are located entirely outside of China, and none of our data is subject to Chinese law.”
Even if TikTok stored all of its American data in the US, this does not appear to have stopped Chinese employees from accessing the private data of Americans.
TikTok’s behavior also runs contrary to the sworn testimony of a company executive in front of the US Senate last year. Although the executive claimed that a security team based in the US decides who can access the data, eight employees made nine statements in the recordings detailing situations in which American employees were required to consult with their Chinese colleagues regarding the nature of the flow of US user data. American employees of TikTok had neither the knowledge nor the permission required to access American data themselves, the recordings uncovered.
For those concerned about privacy, the recordings contained a number of alarming comments. “Everything is seen in China,” an anonymous member of TikTok’s Trust and Safety department said. Moreover, a company director made reference to a “Master Admin” engineer in Beijing with “access to everything,” per Buzzfeed.
This is not the first time that Bytedance has sparked concerns over its handling of data. President Trump threatened to ban TikTok in the US due to security issues, and US government employees are forbidden to download the app on government devices. “[TikTok’s] data collection threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information — potentially allowing China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage,” an executive order of the former president claimed.
Despite stating that it does not share data with the Chinese government, the recordings, along with corroborating screenshots, and documents demonstrate that TikTok accessed the data of American users more frequently and recently than what has been thought in the past, Buzzfeed reported.
TikTok is aware of its negative reputation with respect to data and security. “We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” Maureen Shanahan, a TikTok spokeswoman, told Buzzfeed.
TikTok claims it is trying to improve
The company is allegedly attempting to stop the flow of American data to China with its “Project Texas.” In fact, the recordings show that most of the instances that saw Chinese staff accessing US data occurred as part of TikTok’s mission to rid Chinese employees of the ability to access this data, according to Buzzfeed.
We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data”
Maureen Shanahan, TikTok spokeswoman
In a statement released shortly before Buzzfeed’s report, TikTok strove to reassure its users of their safety, explaining that all US traffic now goes directly to Oracle, with US and Singapore data centers being used solely for backup. According to the statement, the company expects to delete all private data from its own data centers and instead have the data stored on Oracle’s servers.
In addition to relinquishing American data, TikTok established a US-based department charged with managing the data of American users.
“These are critical steps, but there is more we can do,” Albert Calamug of TikTok’s US Security Public Policy department said in a statement. “We’re dedicated to earning and maintaining the trust of our community and will continue to work every day to protect our platform and provide a safe, welcoming, and enjoyable experience for our community.”