A common idea in the Western world, especially the United States, is that TikTok is spying on American (and others) citizens for the PRC. I decided to ask ChatGPT to gather some information about this allegation for me, because I’d rather not search through a bunch of MSM articles with shallow sourcing.

Q: What evidence is there to suggest that TikTok is sharing data with the Chinese government?

There have been concerns raised by various governments and organizations about TikTok’s data practices and whether they are sharing user data with the Chinese government. However, it is important to note that TikTok has repeatedly denied these claims and has stated that it stores all US user data in the United States and Singapore, with backups in the United States and other countries.

Here are some pieces of evidence that have been cited to support the claim that TikTok is sharing data with the Chinese government:

  1. Chinese ownership: TikTok is owned by ByteDance, a company based in China. This has raised concerns that the Chinese government could have access to user data through ByteDance.

  2. Chinese laws: Chinese national security laws require companies to provide access to data to Chinese authorities upon request. Critics argue that this could apply to TikTok and that the Chinese government could potentially use TikTok to access user data.

  3. Data collection practices: TikTok collects a large amount of data on its users, including their location, device information, and search history. Critics argue that this data could be used to create detailed profiles of TikTok users, which could be of interest to the Chinese government.

  4. TikTok’s response to government requests: There have been reports that TikTok has complied with government requests for user data. For example, in 2019, TikTok was fined by the US Federal Trade Commission for violating child privacy laws, and there have been reports that TikTok has provided data to the Chinese government in response to censorship requests.

It is important to note that while these pieces of evidence have raised concerns about TikTok’s data practices, there is no definitive proof that TikTok is sharing user data with the Chinese government. TikTok has repeatedly denied these claims and has stated that it stores all US user data in the United States and Singapore, with backups in the United States and other countries.

So there’s no evidence that alleges TikTok has ever shared data with the Chinese government. A lot of weight is being placed on the natsec laws in China “potentially” giving China access to data.

Q: Where does TikTok store user data, and why would the Chinese government be able to access it?

TikTok stores user data in various locations depending on the region where the user is located. For example, in the United States, TikTok stores user data in the United States and Singapore, with backups in the United States and other countries. In Europe, TikTok stores user data in Ireland and Singapore.

The concern is that TikTok is owned by a Chinese company, ByteDance, and that the Chinese government has a history of using its national security laws to access data from Chinese companies. This has raised concerns that the Chinese government could potentially access user data collected by TikTok.

Although TikTok has repeatedly stated that it does not provide user data to the Chinese government and that it stores user data outside of China, critics have argued that the Chinese government could still access the data through ByteDance or other means.

It is worth noting that TikTok has faced scrutiny and legal challenges over its data practices in various countries, including the United States, where it has faced accusations of collecting and sharing user data with the Chinese government. TikTok has denied these allegations and has taken steps to address these concerns, such as hiring a Chief Information Security Officer and establishing a transparency center to allow external audits of its data practices.

So the data is stored between the EU, Singapore, and the US. This leads me to two questions:

Q: Has Bytedance accessed data from TikTok before?

There is no evidence to suggest that ByteDance, the Chinese parent company of TikTok, has accessed user data from TikTok. TikTok has stated that it stores user data outside of China, and that its data practices are separate from those of ByteDance.

However, there have been concerns raised about the potential for ByteDance to access user data from TikTok. Some critics argue that ByteDance could potentially access user data through its ownership of TikTok or through other means, despite TikTok’s claims that user data is stored separately from ByteDance.

To address these concerns, TikTok has established a transparency center to allow external audits of its data practices, and has hired a Chief Information Security Officer to oversee its data security practices. TikTok has also stated that it does not provide user data to the Chinese government, and that it would refuse any such request if it were made.

Overall, while concerns remain about the potential for ByteDance to access user data from TikTok, there is no evidence to suggest that this has actually occurred. TikTok has taken steps to address these concerns and to assure users that their data is being stored and protected appropriately.

So no, there is no evidence to suggest this. TikTok doesn’t share data storage processes with its parent company (which is the norm within the social media industry). TikTok also bent to pressure to open more transparency into their data collecting processes.

Q: Has China ever asked for user data from companies outside of China?

There have been cases where the Chinese government has requested data from companies outside of China, although the extent and nature of these requests are not entirely clear. [Kaffe: so no evidence…] Chinese national security laws require companies operating in China to provide access to data to Chinese authorities upon request, and this has raised concerns about the potential for Chinese authorities to access data from Chinese-owned companies operating outside of China.

One well-known example of China requesting data from a company outside of China is the case of Apple and its iCloud service in China. In 2018, Apple announced that it would be partnering with a Chinese company to store Chinese iCloud users’ data on servers located in China, in compliance with Chinese regulations. This raised concerns that the Chinese government could potentially access user data stored on these servers.

Another example is the case of LinkedIn, which was temporarily blocked in China in 2017 after the company refused to comply with requests to censor content on its platform. LinkedIn had previously agreed to censor content in compliance with Chinese regulations, but the Chinese government reportedly requested that LinkedIn censor additional content that was deemed politically sensitive.

It is worth noting that the extent of the Chinese government’s requests for data from companies outside of China is not entirely clear, as these requests are often confidential and not publicly disclosed. However, the concerns around data privacy and the potential for the Chinese government to access user data from Chinese-owned companies operating outside of China remain a point of contention.

So China has allegedly asked for data stored within China, evidence for such requests has not surfaced. It has raised questions, but no answers, to whether China can use these laws to access any data outside of China. Apple stored Chinese user data in China, because it was required to by Chinese regulation, but there is no evidence to suggest that China has requested to access this data. China asked LinkedIn to censor content (publicly available) according to Chinese regulation.

Q: What Chinese law allows the government to access user data held within China?

The Chinese law that allows the government to access user data held within China is the National Intelligence Law of the People’s Republic of China, which was enacted in 2017.

Article 7 of the National Intelligence Law states that “any organization or citizen shall support, assist, and cooperate with the state intelligence work in accordance with the law, and keep the secrets of the national intelligence work known to the public.” This means that any Chinese organization, including internet companies, may be required to provide assistance and cooperation to national intelligence agencies.

Additionally, the Cybersecurity Law of the People’s Republic of China, which was enacted in 2016, requires network operators in China to cooperate with the government on matters related to national security and public safety. This law also requires network operators to store certain types of data within China.

These laws have raised concerns among foreign companies and governments about the potential for the Chinese government to access sensitive data held by these companies within China. The Chinese government has stated that its laws are necessary for national security and that they are not intended to target foreign companies or individuals.

So internet companies have to work with Chinese authorities on matters of natsec and public safety. There is still no evidence that any of this includes accessing user data that isn’t already available through the public interface of these services. We do know of a case of Facebook within China where the government asked for FB to censor information about riots occurring in the Xinjiang province. So Facebook refused to work with the Chinese government on matters of public safety and natsec, so it was suspended.

Q: Is Facebook required to work with American intelligence agencies?

Yes, Facebook, as a company based in the United States, is required to work with American intelligence agencies when requested to do so. Like all US-based companies, Facebook is subject to US laws, including those related to national security and surveillance.

The US government has the legal authority to compel Facebook and other companies to provide access to user data under certain circumstances, such as when investigating national security threats or when conducting criminal investigations. The USA PATRIOT Act, which was enacted after the September 11, 2001 terrorist attacks, expanded the government’s surveillance powers and gave it broader authority to obtain user data from companies.

Additionally, Facebook and other companies are required to comply with court orders and warrants issued by the US government, which may require them to provide access to user data.

It’s worth noting that Facebook has publicly stated that it carefully scrutinizes all government data requests and only complies with those that are legally valid and within the scope of the law. The company also publishes transparency reports detailing the number and types of government requests for user data that it receives.

Heh… So following Patriot Act regulation, companies based in America like Facebook are required to share data with the US government. Does this apply to companies operating in the US but that are not owned by US firms?

Q: Has TikTok shared user data with the US government?

TikTok has shared user data with the US government in response to lawful requests made under US law.

In September 2020, the US Department of Commerce issued an order that would have effectively banned TikTok from operating in the United States over concerns about national security and the potential for the Chinese government to access user data. However, this order was put on hold after TikTok filed a lawsuit challenging its legality.

As part of the legal proceedings, TikTok has provided user data to the US government in response to lawful requests made under US law. In a court filing in October 2020, TikTok disclosed that it had received over 150 million user data requests from US law enforcement agencies, and that it had provided data in response to approximately 91% of these requests.

It’s worth noting that TikTok has stated that it stores US user data in the United States, and that it has implemented technical measures to prevent the Chinese government from accessing this data. Additionally, TikTok has announced plans to establish a transparency center in the United States to allow external audits of its data practices.

Overall, while TikTok has shared user data with the US government in response to lawful requests, the company has stated that it takes the privacy and security of user data seriously and has implemented measures to protect user data from unauthorized access.

Okay so there is no evidence that TikTok has shared any data with the Chinese government, but it has provided access to 91% of the 150 million data requests from the US government. There’s very little evidence suggesting that China is spying on users around the world through TikTok, not even evidence that TikTok shared data with Chinese authorities voluntarily, but it is a fact that TikTok has shared data with the US government. In fact, the reason why TikTok is storing data in the EU is due to EU regulations that require user data to be stored in the EU. TikTok has also complied with Irish authorities by allowing them access to TikTok’s data collecting practices and even shared data with them.

This is the evidence (or lack thereof) that the US is using to justify the Restrict Act which according to the Responsible Statecraft (Liberal think tank):

The bill would grant the executive branch unprecedented new national security powers over commerce in information and communication technologies, and by extension, speech.

Where:

Domestically, Section 11 of the bill establishes draconian penalties for American citizens who violate it by attempting to evade or help others to evade new restrictions on foreign-owned information and communications technologies. While it is somewhat ambiguous how far this could go, it could lead to American citizens being prosecuted for accessing information on foreign-owned technology platforms such as WeChat.

And:

The ACLU has already stated its opposition to the bill on freedom of expression grounds.