Lawmakers stumble on data privacy as another tech CEO to testify

Congress has plenty of concerns but no legislation yet about Chinese-owned TikTok

House Energy and Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., receives a round of applause during a House Energy and Commerce Committee organizational meeting on Tuesday. (Tom Williams/CQ Roll Call)
House Energy and Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., receives a round of applause during a House Energy and Commerce Committee organizational meeting on Tuesday. (Tom Williams/CQ Roll Call)
Posted February 2, 2023 at 8:07am

House lawmakers are set to meet next month with the CEO of TikTok at a hearing to probe whether one of the most popular apps in the world shares Americans’ data with China and whether it harms young children, the latest face-off between members of Congress and the head of a large social media platform.

Rep. Cathy McMorris Rodgers, R-Wash., chair of the House Energy and Commerce Committee, who has made Big Tech accountability a key part of her agenda, said Monday that TikTok CEO Shou Zi Chew would appear before the committee for the first time on March 23.

“ByteDance-owned TikTok has knowingly allowed the ability for the Chinese Communist Party to access American user data,” Rodgers said, referring to TikTok’s Chinese parent company. “Americans deserve to know how these actions impact their privacy and data security, as well as what actions TikTok is taking to keep our kids safe from online and offline harms.”

It’s not just Republican lawmakers.

“There is evidence that TikTok secretly monitors users, collects sensitive personal information, and shares such information with adversarial actors like the Chinese Communist Party,” Rep. Jan Schakowsky, D-Ill., the top Democrat on the Innovation, Data, and Commerce Subcommittee, said in an email. “We cannot let them use TikTok to exploit and manipulate Americans. We need answers.”

TikTok denies that it shares data with China and spokeswoman Brooke Oberwetter said the company looks forward to “set the record straight” at the hearing and explain how the company has designed a secure system to store U.S. users’ data in the United States.

Congress hasn’t passed legislation that would protect data privacy, and lawmakers’ efforts on TikTok to date have focused on banning the app from government-issued devices. At least 30 states and the federal government have done so. The fear is that China, with access to the data, would be able to manipulate Americans, and, in the case of government workers, to spy on them.

Lawmakers including Sens. Mark Warner, D-Va., and Marco Rubio, R-Fla., the chairman and vice chairman, respectively, of the Senate Intelligence Committee, told CBS News Sunday that TikTok would not be able to completely cut itself off from its Chinese parent.

The Biden administration has yet to sign off on a security proposal presented by TikTok to an interagency review panel.

The House committee has in recent years summoned top executives of Facebook parent Meta, Google’s parent Alphabet, and Twitter, among others to answer questions about the companies’ data practices, violations of privacy, and targeting of kids on their platforms. Although lawmakers in both chambers and across party lines have gotten CEOs to answer questions and submit to a grilling, Congress remains divided on how to address the dangers of online social media platforms.

The House Energy and Commerce Committee last year advanced a bipartisan bill backed by Rodgers and sponsored by ranking member Rep. Frank Pallone Jr., D-N.J., that would produce a national data privacy standard, but the measure didn't get a House floor vote, and no similar measure has passed in the Senate.

TikTok presents a more complicated case than the one faced by giants such as Google, Facebook and Twitter.

President Donald Trump issued an executive order in July 2020 banning TikTok, along with WeChat, another popular Chinese-owned messaging app, from the U.S. market because the apps “threaten the national security, foreign policy, and economy of the United States.” But a few months later, Trump approved a deal that established a separate U.S. entity called TikTok Global, in which software maker Oracle and Walmart would own 20 percent of the equity.

Even after the arrangement, officials and news reports have said the company could be sharing users’ data with the Chinese parent company and Beijing.

FBI Director Christopher Wray told Congress in December that Beijing could still “manipulate content, and if they want to, to use it for influence operations.”

BuzzFeed reported in June 2022, citing internal company recordings, that China-based employees of ByteDance were accessing nonpublic data on U.S. users.

Chew wrote to several Republican senators who asked him to explain issues raised by the BuzzFeed article. In his June 30, 2022, letter to Sens. John Thune, R-S.D., Marsha Blackburn, R-Tenn., Roger Wicker, R-Miss., and others, Chew said the company was working on a long-term plan to halt such data access from China, and the recordings obtained by BuzzFeed referred to the project and were misconstrued.

Chew wrote that the company was storing 100 percent of Americans’ data in the U.S. on servers operated by Oracle and was putting in place security measures to ensure no outside access was possible.

As part of the deal reached with the Trump administration, TikTok was required to submit a proposal to the interagency Committee on Foreign Investment in the Untied States, or CFIUS, on how Americans’ data would be collected, where it would be housed, and security protocols the company would follow.

The company submitted its security proposal to address national security concerns to the CFIUS committee in the summer of 2022 and hasn't yet heard back, Oberwetter said.

The security proposals give the U.S. government power to approve vendors that will oversee TikTok’s security compliance processes, approve officers who will be on the board of TikTok’s U.S. subsidiary and play a role in auditing the software source code, according to TikTok.