A member of the Federal Communications Commission is renewing calls for Apple and Google to remove TikTok from their app stores, citing national security concerns surrounding TikTok’s Chinese-based parent company, ByteDance.
In a June 24 letter to the CEOs of Apple (AAPL) and Google (GOOGL), FCC Commissioner Brendan Carr described ByteDance as “beholden” to the Chinese government and “required by law to comply with [Chinese government] surveillance demands.” Citing a recent BuzzFeed News report that ByteDance’s Chinese staff had accessed US TikTok users’ data on multiple occasions, Carr said the allegations showed how TikTok is “out of compliance with the policies that both of your companies require every app to adhere to.”
Apple and Google didn’t immediately respond to a request for comment. In a statement, TikTok called the BuzzFeed report “misleading.”
“Like many global companies, TikTok has engineering teams around the world,” TikTok said. “We employ access controls like encryption and security monitoring to secure user data, and the access approval process is overseen by our US-based security team. TikTok has consistently maintained that our engineers in locations outside of the US, including China, can be granted access to U.S. user data on an as-needed basis under those strict controls.”
In a statement, Buzzfeed News said it “stands categorically behind our reporting that US user data was accessed by China-based TikTok employees far more frequently than previously known, and we’re glad that TikTok even confirmed this in its own statement.”
For years, US officials have expressed concerns that Chinese government access to US users’ data or communications could put national security at risk. But whether Carr’s plea will work is uncertain.
The FCC plays no role in regulating internet-based services such as app stores, and prior efforts by the US government to ban TikTok from US app stores have faltered amid court challenges. Decisions about how and whether the FCC should act would require buy-in from Chairwoman Jessica Rosenworcel, who leads the independent federal agency.
The same day as the BuzzFeed report, TikTok announced that it had migrated its US user data to Oracle cloud servers based in the United States, and that it would eventually be deleting backups of its US user data from its own proprietary servers.
Carr wrote in his letter that he was not assured by the announcement. “TikTok has long claimed that its U.S. user data has been stored on servers in the U.S. and yet those representations provided no protection against the data being accessed from Beijing,” he said. “Indeed, TikTok’s statement that ‘100% of US user traffic is being routed to Oracle’ says nothing about where that data can be accessed from.”