TikTok Shuts Issues on Unsecured User Data

TikTok claims that words in the leak were misinterpreted and highlights the stringent security measures already in place.
SIA Team
July 10, 2022

TikTok denied that its staff in China had access to private user data. The CEO of TikTok strongly refuted a news story that claimed sensitive user data from Americans was handled insecurely and responded to numerous questions from US senators on data access and Chinese government control over TikTok.

According to a BuzzFeed article, staff in China of TikTok were allegedly given full access to sensitive user data at a meeting. Nine US senators wrote to TikTok seeking clarification in reaction to the news item, which prompted the CEO of TikTok to offer a thorough justification.

“Some people working on these projects do not have visibility into the full picture , working on a task without realizing that it’s a single step in a much bigger project or a test to validate an assumption.That’s critical context for the recordings leaked to BuzzFeed, and one thing their reporting got right: the meetings were in service of Project Texas’s aim to halt this data access,” Shou Zi Chew, the CEO of TikTok, responded to the senators in a letter that was later posted as a PDF by the New York Times.

The CEO of TikTok responded by claiming that the app was already compliant with securing user data from Americans and had finished all procedures for locking down that data in collaboration with two significant American businesses.

Project Texas is the name of the security program they are working on alongside Oracle and Booz Allen. The CEO claims that employees on Project Texas work on various aspects of a project and are unaware of its full scale.

He argued that the individuals responsible for the leak were employees who were unaware of other aspects of the project and, as a result, were unaware of the procedures in place to protect the data.

Contrary to spectacular press claims, TikTok already has stringent policies regarding user data access that are overseen by a security team based in the United States.

“Employees outside the U.S., including China- based employees, can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team. In addition, TikTok has an internal data classification system and approval process in place that assigns levels of access based on the data’s classification and requires approvals for access to U.S. user data. The level of approval required is based on the sensitivity of the data according to the classification system.” Chew said.

Up to date, TikTok is still accessible for download from the respective Google and Apple app stores, an indication that both companies are certain TikTok does not breach the privacy terms governing all apps in those stores.