top of page

TikTok Articulates Heightened Data-security Standards, But What Will Regulators Think?

Credit: Jaynati Devi

Facing increased scrutiny, TikTok has outlined portions of its U.S.-based transparency plan in meetings with key political figures during a public-relations push in Washington, D.C. The plan, named Project Texas, will reportedly cost $1.5 billion and calls on the software company Oracle Cloud to serve as TikTok’s U.S.-based host to review TikTok’s data-flows and guard against malfeasance and security vulnerabilities.

TikTok was the most-downloaded application in the world in 2022. Despite the app’s meteoric rise in popularity, public universities across the United States, including Auburn, Oklahoma State, and the University of Texas, Austin, have implemented campus-wide WiFi bans of the app. Twenty-seven states have introduced laws to bar their state employees from downloading TikTok to their cell phones. At the federal level, a ban on using TikTok on federal-government employee devices will go into effect in late February. These bans generally note a belief that TikTok, or ByteDance, its parent company, provides TikTok-collected data to the Chinese government, citing a December 2022 revelation that ByteDance employees used TikTok’s geolocation data to track journalists in China.

While TikTok has been in negotiations for two years with the Committee on Foreign Investment (CFIUS), an executive-level group nestled under the Department of Treasury tasked with reviewing foreign-investment transactions through a national security-focused lens, Congress has recently demonstrated an impatience with the CFIUS talks. In late January, the House of Representatives’ Energy and Commerce Committee announced TikTok CEO, Shou Zi Chew will testify in a March hearing before the Committee about the app’s “consumer privacy and data security practices, [its] impact on kids, and [its] relationship with the Chinese Communist Party." In addition, the House Foreign Affairs Committee will hold a vote at the end of February that would provide President Biden with a legal plan to ban TikTok due to national-security concerns.

Project Texas

To quash these concerns, TikTok pushed details of its so-called Project Texas, emphasizing its heightened data-security practices, in hopes the transparency will assist its ongoing CFIUS negotiations and public-image issue.

Lawfare has spelled out key details of TikTok’s so-called Project Texas, which include the company’s emphasis on data security. Per the plan, the company will increasingly rely on TikTok’s 2022-created subsidiary, U.S. Data Security Inc., which appears to serve as a domestic replication of the company’s operational functions. Notably, USDS’ Board of Directors will report to CFIUS (not to TikTok or ByteDance), and USDS will house the TikTok teams that have access to the data of the app’s U.S.-based users, software code, backend systems, and content-moderation team. CFIUS will also develop USDS-specific hiring requirements. As of now, USDS employees must be either U.S. citizens or green-card holders, and the U.S. government will be able to require additional background-based checks and to block the hiring of a potential employee. TikTok plans to work extensively with Oracle Cloud, which will serve as the U.S.-based host for the app and monitor incoming and outcoming data-flows for any data breaches or incongruities. Oracle will also work with a to-be-appointed third-party inspector to review all TikTok software and code before its in-app deployment. TikTok notes that the data of all U.S.-based users are already stored with Oracle Cloud and that Oracle has been conducting an initial review of its source code since August 2022. TikTok also claims that it plans to hire a data-deletion auditor to confirm that all U.S.-based user data, held on any TikTok servers abroad prior to USDS’ creation, has been deleted.

Precedent for other international apps

CFIUS’ review of popular apps is not a new concept. In 2020, a China-based company sold its popular queer social-media app, Grindr, to a U.S.-based company after CFIUS expressed concern about the Chinese government's access to sensitive user data, such as HIV status, and told the Chinese company that their ownership constituted a threat to U.S. national security. As a result, popular international apps, particularly those owned by perceived adversaries of the U.S., such as WeChat, SHAREit, Alibaba, Call of Duty: Mobile, YooMoney, and VKontakte,

are carefully watching TikTok’s treatment as a case study of how the United States will handle regulation of the app, and whether they can balance perceived national-security issues against an app’s extraordinary popularity.

Impact of advertising revenue

TikTok has become the app of choice for many, and advertising spending reflects that.

Brands are aware of the influence that TikTok has on the market and its access to a newfound audience through the app’s highly curated algorithm. While advertising spending has slowed or even decreased on once-popular Facebook and Instagram, spending has continued to tick up on TikTok. As DigiDay notes, “marketers get a sound on, full screen video ad opportunity when they advertise on the app, which effectiveness research shows is most impactful” especially when an estimated 40% of TikTok users are not on Facebook.

*The views expressed in this article do not represent the views of Santa Clara University.


bottom of page