TikTok confirms that China-based employees can access US user data, but only through an 'approval process'
Travis Clark 43 minutes ago
TikTok confirmed that China-based employees of its Chinese parent company, ByteDance, have access to US user data under certain circumstances in a letter obtained by The New York Times responding to nine Republican senators' inquiries about the matter.
"Employees outside the US, including China-based employees, can have access to TikTok US user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our US-based security team," TikTok's CEO Shou Zi Chew wrote in the letter.
"TikTok has an internal data classification system and approval process in place that assigns levels of access based on the data's classification and requires approvals for access to US user data," Chew added. "The level of approval required is based on the sensitivity of the data according to the classification system."
Sal Rodriguez, who is currently a reporter for The Wall Street Journal, first reported for CNBC last year that ByteDance had access to US data and was closely involved in making decisions for TikTok.
A new light was shined on the privacy and security concerns after BuzzFeed News recently reported, based on audio of internal meetings it obtained, that ByteDance employees had repeatedly accessed US user data over at least a four-month period, and that US-based employees did not have permission to access it.
In a statement to BuzzFeed News for its report, a TikTok spokesperson said, in part: "We know we're among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data."
On the same day BuzzFeed News published its story, TikTok announced that "100% of US user traffic is being routed to Oracle Cloud Infrastructure," rather than being stored in its own data centers in the US and Singapore.
https://www.businessinsider.com/tiktok-confirms-us-user-data-accessed-in-china-bytedance-2022-7