Lawmakers Blast TikTok CEO Over Data Privacy

TikTok’s CEO Shou Chew endured a barrage of questions about the app’s privacy from lawmakers for several hours Thursday, trying to assuage concerns that China was using the app to spy on American users. 

When Rep. Neal Dunn, R-Fla., who asked Chew whether Bytedance, TikTok’s China-based parent company, “has spied on Americans at the direction of the Chinese Communist Party,” Chew said “no.”

Then Dunn mentioned a Forbes article that highlighted ByteDance’s plans to track the physical locations of some U.S. users, and asked again.

“I don't think that ‘spying’ is the right way to describe it. This is ultimately an internal investigation,” Chew said amid crosstalk, during the House Committee on Energy and Commerce hearing.

The popular short-form video app has been in lawmakers’ crosshairs for years amid national-security concerns that TikTok’s data could be accessed by ByteDance and thence by the Chinese government. The White House recently banned the app from government devices, and Biden administration said it may not have the legal authority to more widely ban the app without Congress, senior officials told the Washington Post. U.S. lawmakers have been mulling such legislation. 

On Thursday, Congressmembers lobbed concerns about child safety on the app, asked for more parental controls, decried misinformation about elections and abortions, called for commitment to American users’ data security, and expressed frustration at the lack of comprehensive privacy legislation. 

More than two hours in, Chew appeared unsettled as lawmakers peppered him with questions, often not leaving enough time for him to respond.

But when Chew did respond, he largely stuck with talking points. He pointed to the company’s Project Texas: hiring cloud provider Oracle to move U.S. users’ non-public data to servers that can only be accessed by U.S.-based employees. 

But that’s not enough for some lawmakers.

Rep. John Joyce, R-Pa., harped on data security and TikTok’s plan to delete data rather than just move it from one server to another.

“We have heard today about the various ways in which the app's code can be used to monitor or track users. And likewise, we've heard concerns that this data may not be fully isolated from access by the Chinese Communist Party. That said, I'd like to know more about the historical nonpublic U.S. personal data that your company has already amassed.

“You have publicly stated that the nonpublic information of TikTok users in the United States is being transferred to an Oracle-based cloud infrastructure because of safety concerns…What’s the outline for dealing with that data that you’ve already amassed?”

Responded Chew: “All new data is already stored by default in this Oracle Cloud infrastructure,” later adding that the effort to move older data should be finished later this year. 

Joyce pressed on, saying TikTok only began planning to delete data after Congress asked about it earlier this month. 

“On March 1 of this year, the committee asked you when you plan to delete nonpublic historical U.S. user data,” Joyce said. “On March 7, just six days later, your attorneys wrote the company, I'm quoting: ‘The company plans to begin the process of deleting nonpublic historic U.S. user data this month, and anticipates that the process will be completed this year.”

“You came up with a supposed plan in the summer of 2022, specifically based on our concerns that the Communist Chinese government was spying on U.S. users, but you only just came up with the idea to delete historic nonpublic U.S. data just two weeks ago?”

Chew said TikTok hired a third-party auditor to help with the process and defended the company’s actions: “Congressman, respectfully, there are many companies that use a global workforce. We are not the only one.”

In written testimony, the CEO said TikTok started deleting “historical protected U.S. user data stored in non-Oracle servers” in March and “we expect this process to be completed later this year.” 

Eventually, “all protected U.S. data will be under the protection of U.S. law and under the control of the U.S.-led security team. Under this structure, there is no way for the Chinese government to access it or compel access to it,” he wrote.