Two senators ask for FTC investigation into TikTok over US data access

The U.S. Senate Intelligence Committee chair and a top Republican have called on the Federal Trade Commission (FTC) to investigate social media app TikTok and Chinese parent ByteDance due to “repeated misrepresentations” over its handling of U.S. data.

The request on Tuesday from Senator Mark Warner, a Democrat, and Republican Marco Rubio followed a Buzzfeed report saying the short video app permitted TikTok engineers and executives in China to repeatedly access the private data of U.S. users. The senators said such access raised questions over TikTok’s claims to lawmakers and users that the data was protected.

“In light of repeated misrepresentations by TikTok concerning its data security, data processing, and corporate governance practices, we urge you to act promptly on this matter,” the senators wrote FTC Chair Lina Khan.

TikTok said Tuesday that access to data “is subject to a series of robust controls, safeguards like encryption for certain data, and authorization approval protocols overseen by our U.S.-based leadership/security team.”

The company responded to the senators’ letter by reiterating “TikTok has never shared U.S. user data with the Chinese government, nor would we if asked.”

The FTC confirmed it had received the letter but declined further comment.

Last week, TikTok told U.S. senators it was working on a final agreement with the Biden Administration that would “fully safeguard user data and U.S. national security interests.”

TikTok acknowledged in a letter Thursday that China-based employees “can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”

TikTok Chief Executive Shou Zi Chew told senators it was working with Oracle Corp on “new advanced data security controls that we hope to finalize in the near future.”

The senators’ letter cited a BuzzFeed news story about leaked internal recordings that said China-based employees of ByteDance had at the “very least” access to U.S. data.

TikTok’s letter Thursday said it had not misled Congress about its data and security controls and practices.

Last month, TikTok said it had completed migrating information on its U.S. users to servers at Oracle but it was still using U.S. and Singapore data centers for backup.

It has been nearly two years since a U.S. national security panel ordered parent company ByteDance to divest TikTok because of fears that U.S. user data could be passed on to China’s communist government.

TikTok is one of the world’s most popular social media apps, with more than 1 billion active users globally, and counts the United States as its largest market.