In a letter to nine Republican senators, TikTok said it's working to "remove any doubt about the security of US user data." CEO Shou Zi Chew reiterated a claim that TikTok stores American user data on servers run by Oracle, which will be audited by a third party. Chew also said the company expects to "delete US users' protected data from our own systems and fully pivot to Oracle cloud servers located in the US."
"[We] are working with Oracle on new, advanced data security controls that we hope to finalize in the near future," Chew wrote in the letter, which was obtained by The New York Times. "That work puts us closer to the day when we will be able to pivot toward a novel and industry-leading system for protecting the data of our users in the United States, with robust, independent oversight to ensure compliance."
Chew was responding to questions in a letter sent by the Republican senators — including Roger Wicker, the ranking Republican member of the Senate Commerce Committee — following a report by BuzzFeed News. The publication reported last month that China-based engineers of ByteDance, TikTok's parent company, accessed non-public data on users in the US between at least September 2021 and January 2022.
The report also prompted Brendan Carr, the Federal Communication Commission's senior Republican commissioner, to call on Apple and Google to remove the TikTok app from their stores. Carr requested a response from the companies by July 8th if they choose not to remove TikTok from the App Store and Play Store, respectively.
In the letter, Chew refuted much of BuzzFeed News' reporting, though conceded that ByteDance workers outside the US can access American user data "subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team. In addition, TikTok has an internal data classification system and approval process in place that assigns levels of access based on the data's classification and requires approvals for access to US user data."
Legislators have been raising security concerns about TikTok over the last few years. In August 2020, then-president Donald Trump signed an executive order that would have made it difficult, if not impossible, for the app to operate in the US. The following month, Trump approved, in principle, a deal that would see Oracle and Walmart take a stake in a new company that would run TikTok's business in the US. Microsoft was also in the running to secure a deal.
A federal judge struck down Trump's order just before it was supposed to take effect. President Joe Biden rescinded the order in January 2021, but signed a separate one that required a security review of that app and WeChat. The following month, the Oracle and Walmart deal was reportedly put on hold indefinitely.