TikTok repeatedly refused to commit to US lawmakers on Wednesday that the short-form video app would cut off the flow of US user data to China, promising instead that the outcome of negotiations with the US government “will satisfy all national security concerns.”
Testifying before the Senate Homeland Security Committee, TikTok CEO Vanessa Pappas first sparred with Sen. Rob Portman about details of TikTok’s corporate structure before being confronted — twice — with a specific request.
“Will TikTok commit to cutting off all data and data flows to China, China-based TikTok employees, ByteDance employees, or other parties in China that may have access to information about US users?” Portman asked.
The issue reflects bipartisan concerns in Washington about the possibility that US user data could find its way to the Chinese government and be used to undermine US interests, thanks to a national security law in that country that forces companies located there to cooperate with data requests. US officials have expressed fears that China could use Americans’ personal information to identify useful potential agents or intelligence targets, or to inform future misinformation or disinformation campaigns.
TikTok does not operate in China, Pappas said, although it has an office in China. TikTok is owned by ByteDance, whose founder is Chinese and has offices in China.
US concerns about TikTok were renewed after a BuzzFeed News report in June, based on leaked meeting audio, said ByteDance employees had accessed US user data on multiple occasions. In a subsequent letter to lawmakers, TikTok acknowledged the possibility of China-based individuals accessing US user data, but highlighted cybersecurity controls that were “monitored by our US-based security team.”
Pappas confirmed in Wednesday’s hearing that the company has said, on record, that its Chinese employees have access to US user data. She also reiterated that TikTok has said that they “under no circumstances … will give this data to China” and denied that TikTok is in any way influenced by China. However, she avoided saying whether ByteDance would retain US user data from the Chinese government or whether ByteDance could be influenced by China.
Asked by Portman on Wednesday to respond to the BuzzFeed article again, Pappas said, “those allegations were not found,” without identifying a specific allegation. She then added: “There was talk [in the article] of a main account, which does not exist in our company.”
The BuzzFeed article mentions a “Beijing-based engineer as a ‘Master Admin’ who has ‘access to everything'”, but is ambiguous as to whether this engineer is a ByteDance or TikTok employee.
“Again, we take this incredibly seriously in terms of maintaining the trust of American citizens and ensuring the security of American user data,” Pappas said. “On access and controls, we’re going to go above and beyond in leading initiative work with our partner, Oracle, and also to the satisfaction of the US government through our work with [the Committee on Foreign Investment in the United States]about which we hope to share more information.”
Portman then pressed Pappas again to commit to “cutting off all data and metadata flows to China,” but Pappas simply promised that “our final agreement with the U.S. government will satisfy all national security concerns.”
Pappas later testified to Missouri Republican Senator Josh Hawley that the entire content of the BuzzFeed article was false.
“We completely disagree with the categorization in that article,” she said.
TikTok has previously said it has moved its US user data to cloud servers managed by Oracle, from servers TikTok controlled in Virginia and Singapore, and that it would eventually delete backup copies of US user data from those proprietary servers. It is also in ongoing talks with CFIUS, a multi-agency US government body with national security jurisdiction, about its future handling of US data.