Child holding smartphone with TikTok application showing FTC investigation over data practices

TikTok Data Practices Under Fire as US Lawmakers Amplify Calls for FTC Investigation

Congressional interest in TikTok’s data practices and the level of access Beijing employees have to US user data is increasing, with the heads of the Senate Intelligence Committee issuing a bipartisan call for an FTC investigation.

Once an issue that was largely thought to be a partisan Republican interest, a recent leak of audio meetings in which TikTok staff appear to admit to previously undisclosed data practices has drawn the interest of some prominent Democrats. Senator Mark Warner of Virginia, head of the Intelligence Committee, joined counterpart Senator Marco Rubio of Florida and other members of Congress in addressing a letter to FTC head Lina Khan calling for an investigation.

Congress is seeking more information after the leaks revealed that US TikTok staff appear to hand off tasks to staff in China due to lack of knowledge, and that Beijing-based engineers have access to “everything” on the platform.

FTC investigation sought to address “misrepresentations” by TikTok of data security, data processing, corporate governance practices

The issue stems from the last time TikTok had negative attention from the US government focused on it, a Trump administration campaign against the app during the 2020 run-up to the most recent presidential election. The issue beginning with Trump campaign ads that called out TikTok may have slanted Democrat perceptions of the situation, viewing it as part of Trump’s variety of spurious claims about election interference.

The Trump administration eventually called for a ban on the app, giving it several months to find US-based ownership within several months to avoid being pulled from app stores. A court case by TikTok owner ByteDance and a proposed purchase by Oracle delayed the issue enough to push it past the election, and put the ball in the court of the incoming Biden administration (which appeared to largely drop the issue and allow TikTok to continue on with business as usual).

One restriction on TikTok did emerge from that contentious period, however: the company pledged to segregate the date of US users from its central operations in China, keeping it beyond the potential reach of the Chinese government. Much of the US government confidence in easing up on TikTok stemmed from this promise, helping to head off similar calls for an FTC investigation in 2020.

But leaked audio from over 80 internal TikTok meetings, which emerged in June and were provided to Buzzfeed News reporters by an anonymous source, appeared to contradict these promises of siloed data practices. The leaked meetings were from the period of September 2021 to January 2022, and refer specifically to US TikTok employees having to consult with counterparts in China to handle domestic data flows due to lack of knowledge. There were also scattered references to engineers in China being able to access anything across the company’s systems, and contractors performing internal audits raised suspicions of “backdoors” in the platform.

Valid questions about TikTok data practices raised, but prospects of an investigation still unclear

An FTC investigation is entirely at the agency’s discretion, but this would not be the first time that it has probed TikTok over its data practices. The app was under examination in 2019 over its history of handling the data of underage users, dating back to its inception as “Musical.ly” several years earlier. That investigation was settled, however, with TikTok paying a $5.7 million fine and pledging to change how it handled the accounts of users under the age of 13. TikTok was also hit with a class action lawsuit related to the FTC investigation, which it settled in 2021 with a $92 million payment to the claimants.

TikTok issued a statement in June (just prior to the audio leaks) indicating that it had completed migrating US user data to servers owned by Oracle. It maintains some backups of this data overseas in Singapore, but has pledged to move those to the US in time as well. Chief Executive Shou Zi Chew has also told Congress that the company has “new advanced data security controls” maintained by Oracle in the works that would be available in the “near future.”

The timeline of the leaks and their content makes it possible that TikTok was not dealing in bad faith in its data practices, but ran into technical expertise issues that it felt could only be resolved by looping in ByteDance’s most experienced China-based engineers to handle. At minimum the company overstated the level of security that US user data had, however, and questions of data access in China are always sensitive due to the CPC government’s requirement that companies based there make all of this sort of data available to it upon request. An FTC investigation would no doubt focus on exactly what these points of access to US user data were and seek information about how they were used.

Another point of data practices-related concern that would likely be raised by an FTC investigation is the possibility of Beijing being able to directly influence algorithms in the US version of the app, something that some members of Congress fear could be abused by the Chinese government for propaganda purposes. TikTok has told the Senate Intelligence Committee that corporate governance decisions in the US are “wholly firewalled” from ByteDance leadership in Beijing. The company also recently stated to media outlets that it has never shared US user data with the Chinese government, nor would it if asked.