TikTok admits to being "among the most scrutinized platforms from a security standpoint" in a recent blog post. In this same post, the short video platform assures the public, most especially its American users, of their commitment to data security and user experience, saying 100% of US traffic and data is now sent to the US-based Oracle Cloud Infrastructure.
Audio Records Reveal TikTok Data on US-Based Users Accessed From China, Starts Pivot to Oracle Servers
This statement came shortly before the alarming publicized information that private US user data has been accessed repeatedly from China, where ByteDance, TikTok's parent company, is based. The said report was based on leaked audio recordings of over 80 TikTok meetings, which revealed Chinese access to US data between September 2021 and January 2022 and that US employees do not have their means of access to US user data and need to consult their counterparts in China for this.
Despite these, TikTok USA has already aimed to clear all doubts about its independence from the app's China unit by announcing its recent changes in operations. Last June 2022, they declared that all of its US user data is now stored in Oracle cloud servers located in Texas, US. Their previously utilized data centers in the US and Singapore are still reportedly being used as a backup. However, future plans include deleting private data from these data centers to "fully pivot to Oracle cloud servers located in the US." Even with this, it is still argued that server location does not fully address issues with data access.
A plan internally coined "Project Texas," as revealed in the leaked audio recordings, is TikTok's attempt to altogether stop data access from outside the country and is seen as the primary solution to protect private US user data. Public information such as profiles and posts will. However not be covered by this initiative. Ultimately, what data will be considered protected is still being studied legally.
TikTok also announced establishing a new US-based and US-led department focusing alone on US user data management. These initiated changes are expected to prioritize security further while still keeping TikTok's global community experience and culture. Data transfer outside the country is expected to be kept to a minimum, and added employee protections are to be carried out.
Data Protection Efforts Remain Unclear
Even when all security measures are ironed out, it is certain that access to public data such as public posts, usernames, bios, and even comments remain globally available and will not be stored in the Oracle server. Instead, these will remain in the data center to which ByteDance retains its access. Along with this public information are valuable insights that many experts and politicians believe equally deserving of safeguarding.
TikTok asserts constant coordination with Oracle in their commitment to their users' security. However, peace of mind is slim as the app and its primary tools were built in China. Whatever comes out of TikTok's new operations, the public shall continue to keep a watchful eye on its own privacy for now.