Should Your Business Ditch TikTok? – ADCG’s Practical Guidance on TikTok Bans

The U.S. Congress House Energy and Commerce Committee is scheduled to meet with TikTok CEO Shou Zi Chew next month to discuss its fate in the U.S. The hearing is just the latest regulatory scrutiny of TikTok’s ownership by Beijing based ByteDance. On January 25, 2023, Senator Josh Hawley introduced the No TikTok on United States Devices Act, which would ban the app entirely from all electronic devices in the United States, and on February 2, 2023, Senator Michael F. Bennet (D Colo.), issued a letter to the Chief Executive Officer (CEO) of Apple and Google, calling on them to remove the app from their app stores.

TikTok’s troubles began  in 2020, when it gained popularity in the U.S.—and the attention of President Trump, who tried to force ByteDance to sell TikTok to a U.S. based company with an Executive Order. Though he was unsuccessful, the Biden Administration has been no friendlier to TikTok, and at the end of 2022 signed legislation banning the application from phones and computers issued by federal agencies. And then there’s the proposed federal legislation, known as “Project Texas,” that would require TikTok to store all U.S. based user data on domestic servers owned by the American software company, Oracle—though the Washington Post notes that TikTok has claimed to have already been routing all U.S. data to cloud services run by Oracle—and more than two dozen state laws banning the app on their employees’ and students’ devices.

Why the Controversy?

According to Brookings, these bans will not increase the safety of Americans because, “the information collected by TikTok is like that compiled by many companies that host consumer facing products.” In fact, according to the Washington Post, applications like Facebook and Google collect more information about the consumer than TikTok does.

But the crux of the problem is that the U.S. is concerned with Chinese owned companies being required to comply with Chinese laws.

At a panel on technology and national security at the Chatham House in Long, Deputy Attorney General Lisa Monaco stated she did not use TikTok because the Chinese government requires their companies to share their data with the government. Though, as the Washington Post points out, “TikTok says it has not shared American user data with the Chinese government, nor would it do so if asked,” the same cannot be said for its parent company. 

TikTok’s Response

TikTok has addressed security concerns by moving U.S. based user data to U.S. based servers. They’ve undertaken similar endeavors in Europe and, according to a statement to AP News by Rich Waterworth, TikTok’s general manager for European operations, the company is “at an advanced stage of finalizing a plan” to establish two more European data centers that will hold all European generated TikTok data within this year.

Despite these promises, the U.S. government’s issues with the platform paint a bleak picture for the platform. In order to protect consumer privacy, U.S. businesses should abstain from sharing any consumer—or proprietary business—data with TikTok, and refrain from allowing the app to access business devices that contain or have access to such data.

* * * * * * *

To read our news alerts discussing: the EDPB’s Decision on the Trans-Atlantic Privacy Framework, California’s challenge to the ADPPA, and Australia’s Privacy Act review, click here.

This week’s breach report covers the following organizations: U.S. Marshalls Service, Evergreen Treatment Services, News Corp. Click here to find out more.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

87 | Artificial Intelligence & Chatbots…Helpful or Harmful? (with guest Heather West)

86 | Using Tools to Help Manage Incident Response (with guest Lauren Wallace)

85 | How Incident Response Has Changed (with guest Violet Sullivan)

To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.