ByteDance's new change will stop Chinese-based staff from accessing TikTok data
While TikTok has seen a massive increase in usage over the last year, many remain skeptical of the app due to its questionable moderation and data practices in times past, and its perceived exposure to the Chinese Government.
Are those concerns valid? It's difficult to say - definitely, various intelligence agencies and governments still harbor some doubts, and defense staff in several nations have been banned outright from using the app due to fears that it could be used to track their activity.
Really, any app that's Chinese owned is going to come under scrutiny - and that's probably fair when you look at the regulations under which they operate.
But can TikTok provide enough assurance that its data are practices are safe?
This week, ByteDance has taken another step in that direction with a new, internal change that will stop Chinese-based staff from accessing TikTok data.
As per PingWest:
"According to sources, the new internal policy means that those employees who are currently in China, working on apps and services for the home market, are now largely stripped of access to "sensitive data" of ByteDance's slew of overseas products, including but not limited to TikTok."
That means that data on users outside of China is now largely not available to Chinese staff.
"Our goal is to minimize data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the EU and US."
But of course, "very minimal" is a relative term - a criminal only needs "very minimal" access to my bank account to rob me of everything I have. In this respect, any access at all will likely maintain a level of concern - until TikTok can say, definitively, that it will not provide any TikTok user data to the Chinese Government, under any terms, it's difficult to see it shaking off the stigma. An LA-based transparency center, an American CEO, new data practices - all of this won't alleviate the underlying issue, that TikTok, because it's owned by a Chinese company, will need to provide data to the Chinese Government on request, as per China's cybersecurity laws.
The requirement in question, specifically, is this:
"Article 28 of [China's] Cybersecurity Law states that network operators, have to provide “technical support and assistance” to government offices involved in protecting national security."
So, Bytedance, if requested, would need to provide assistance to the Chinese Government as required, under law in that nation. Some Chinese-based social platforms have been under even more strict monitoring than this, with Baidu, Alibaba, and Tencent all being forced, at different times, to integrate police-embedded cells "in which employees hand over sensitive information without due process".
The concern that TikTok data might end up with the Chinese Government, based on the evidence, is valid, and should be something that's taken into account by all that use the platform.
But as noted, TikTok has been working to dilute this. Aside from the above-noted changes, TikTok has also repeatedly underlined that it does not store American user data in China, further limiting any potential exposure. More recently, a Bytedance spokesman even said that the company was now incorporated in the Cayman Islands, as part of another effort to distance itself from such concerns.
But despite all this, on reading the evidence as it stands, it still seems that it is possible that Bytedance may have to share some TikTok data, in some way, with the Chinese government, if requested. That, combined with questionable processes around moderation (which TikTok says it has resolved) and odd reports of accessing people's microphones when they're not using the app, contribute to the ongoing concerns that using TikTok comes with a level of risk
How relevant that risk is to you specifically will come down to your judgment, and the information you choose to share in the app. At present, there remains some concern, though TikTok is clearly working to reduce data exposure wherever it can.