TikTok has hit back at a report claiming its efforts to silo the data of US users is “largely cosmetic, saying this is “factually inaccurate” and based on the testimonies of “disgruntled former employees”.
A Fortune story this week cited a number of former TikTok employees claiming that TikTok’s efforts to separate US users’ data from its China-based parent company ByteDance is not as effective as it has stated, and that some US-based TikTok workers are reporting directly to China-based executives and transferring data to them.
Following the report, TikTok published a lengthy response on X denying the claims made in it and criticising the reporter behind it.
The report relates to TikTok’s Project Texas, which involved it enlisting Austin-based tech firm Oracle as its “technology partner” and transferring the data of its US users onto Oracle’s cloud infrastructure.
This was in response to an impending ban in the US under former-President Donald Trump’s executive order, and was meant to mean that US data could not leave the US at all, and couldn’t be accessed by China-based ByteDance workers.
But a number of ex-TikTok employees have said this was not actually the case, with US-based workers still in close contact with ByteDance employees and the data of hundreds of thousands of Americans being sent to workers based in its Chinese offices.
Evan Turner, who worked as a data scientist at TikTok from April to September in 2022, told Fortune that he was assigned a manager “on paper” in the US but in actuality was reporting to executives in China as part of a “stealth chain of command”.
Turner said that about every fortnight he would email spreadsheets containing the data of hundreds of thousands of American users to ByteDance workers in Beijing.
The spreadsheet included users’ names, email addresses, IP address and geographic and demographic information.
This was used by TikTok to develop its algorithm to try to get users to spend more time on the app.
Another ex-employee, former head of business marketing Katie Puris, said TikTok’s US operations were never truly independent from ByteDance.
TikTok responds
After the report was published, TikTok posted a response on X, labelling it “factually inaccurate”.
“Our secure environment for protected US user data was isolated in January 2023 and is overseen by USDS [US Data Security unit] personnel,” TikTok posted.
“After that point, new protected US user data was inaccessible to anyone outside of USDS, including ByteDance and TikTok globally. Limited exceptions exist for legal and compliance purposes.”
TikTok accused the former employees cited in the report of lying.
“Everything cited in this article is based off of information prior to the set-up of USDS and relies on fabrications from individuals who had no access or insights into data privacy and security practices,” it said.
“The piece deliberately distorts timelines, omits basic facts and relies on disgruntled former employees as its primary sourcing.
“If this reporter had done any research into what actually occurs at TikTok, she would know that the scenarios laid out are not only forbidden by policy, but are also subject to controls in place that prevent data sharing.”
Looming bans
There have been concerns over ByteDance’s connections with Chinese authorities for several years, and at the prospect of national security laws forcing user data to be passed on to the Chinese government.
A bill that would ban TikTok in the US if ByteDance does not divest from it in America passed the House comfortably in March, but faces an uphill battle in the Senate.
In Australia, the government has said it has no plans to attempt something similar, but has already banned TikTok from all public service devices.
TikTok has previously been forced to deny it would give Australian user data to the Chinese government if this was requested.
