TikTok engineers would have entry to the personal information of American customers

Employees of ByteDance, the parent company of the social network TikTok, would have access to the data of American users, reveals the investigation conducted by BuzzFeed News published on June 17.

Recordings of internal meetings

The media had access to more than 80 recordings of internal meetings in which 9 employees of the Chinese company said that they could dissect information that was not public in the period from September 2021 to January 2022. These claims are not surprising, but contradict the discourse that was held by TikTok for several months when it wanted to convince users of the risks of disclosing their personal data to Chinese authorities.

It was this fear that the Trump government expressed when it wanted to force ByteDance to cede its business in the United States to a U.S. company under a ban on app bans. A soap opera that eventually ended with the suspension of ByteDance’s contract with Oracle and Walmart. Much below the promises of the Trump administration, it was not a takeover, but a cloud hosting agreement. Indeed, stored on American soil, the data of American users should, in theory, be protected from any predation by Beijing.

Fear of campaign influence

The fears of the American authorities are twofold: that the Communist Party of China can access the data of Americans through ByteDance, and that the algorithm of the application affects users by highlighting certain videos. U.S. Sen. Ted Cruz described TikTok as “A Trojan horse that the Chinese Communist Party can use to influence what Americans see, hear and ultimately think“.

Faced with this defiance, TikTok has repeatedly said in blog posts and public statements that it physically stores the data of its American users in a data center in Virginia, with backups in Singapore. The company says that in this way, the data would not be subject to Chinese laws, some of which require domestic companies to disclose data to the competent authorities, similar to the CLOUD law in the United States.

Therefore, these statements are false. Because the data will be available from China, even though it is on American soil.

Contract with Oracle on data storage in the United States

Coincidence of the calendar, or not, on the same day this poll was published, TikTok announced that “100% traffic from US users“has now been redirected to Oracle’s data centers in the United States. The backup is still running in Singapore, but”as we continue our work, we plan to remove US private data from our data centers and completely move to Oracle cloud servers located in the US“.

However, based on records reviewed by BuzzFeed, the status of data stored exclusively on U.S. soil is unclear. TikTok’s product and user operations manager said that “unique identifiers“will not be considered protected information under the agreement with Oracle.

What does he mean by “unique identifier“It’s unclear in this circumstance. It can refer to an identifier for a particular TikTok account or for a device. Unique device identifiers are mostly used by technology companies – such as Google and Facebook – to link user behavior through applications.

In any case, BuzzFeed claims, Oracle gives TikTok “significant flexibility in the way his data center is managed“Indeed, TikTok’s head of global cyber defense and data has made it clear that while Oracle will provide storage space for physical data, TikTok will control the software layer.”It is almost incorrect to call it Oracle Cloud, because they only give us bare metal, and then we build our virtual machines on it.“He said.

Two surveys at European level

The United States is not the only one who cares about the fate of personal data that passes through the application. Last September, the Data Protection Commission (DPC) – the equivalent of the National Commission for Computing and Freedom (CNIL) in Ireland – announced the opening of two investigations into TikTok. One refers to the processing of data of users under the age of 18, and the other refers to the transfer of personal data to China. They are still ongoing.

Leave a Comment