One ByteDance engineer in Beijing was dubbed as “Master Admin” for TikTok.
Regardless of what TikTok publicly says, it appears that the short-form video hosting service has been sharing data from US users with China.
As BuzzFeed reports, audio from more than 80 internal TikTok meetings has been leaked, revealing that engineers working for ByteDance (TikTok’s parent firm) in China had access to everything. Individuals in China had access to the data, according to 14 statements from nine separate TikTok employees.
The evidence is damning, with US employees either not having authorized to access US user data or not knowing how to do so. Instead, they had to rely on someone in China, with at least one ByteDance engineer in Beijing being referred to as a “Master Admin.”
As per nypost, it’s unknown how long US data has been accessible in China, but the leaked audio reveals that it was available at the very least from September 2021 to January 2022. That’s an important point to remember when you’re thinking about it. TikTok released a statement back in 2019, which stated, “We store all TikTok US user data in the United States, with backup redundancy in Singapore. Our data centers are located entirely outside of China, and none of our data is subject to Chinese law.”
While that statement above may be correct, the company also stated “TikTok does not operate in China, nor do we have any intention of doing so in the future,” clearly ByteDance employees in China are treated separately.
In response to the leaked audio, TikTok spokesperson Maureen Shanahan told BuzzFeed:
“We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses.”
TikTok announced that it had been working with Oracle for more than a year to “better safeguard our app, systems, and the security of US user data” on the same day BuzzFeed disclosed details of the leaked audio.
All traffic from US customers is now routed through Oracle Cloud Infrastructure, and TikTok aims to remove private data from US users from its own data centers in the US and Singapore. TikTok also explains how it has a new department “with US-based leadership, to solely manage US user data for TikTok.”
By moving to Oracle’s cloud and pledging to manage US data in the United States, it’s safe to assume that no more ByteDance engineers will have access to it. However, it would be stupid of TikTok’s management to believe that this was the end of the matter. If anything, it’s more likely to be just the beginning of fresh inquiry over the company’s practices.