TikTok users’ private data is routinely accessed by employees in China, although the video app promises to store data outside the country, an investigation has found.
Employees at ByteDance, the video app’s Chinese owner, are able to see non-public information about users, such as birthdays and phone numbers, according to staff at news site BuzzFeed.
A staffer claimed that “everything is seen in China,” adding concerns that the app’s data could be used by Beijing to collect data on Western citizens.
TikTok, best known for short videos recommended to users via a recommendation algorithm, is used by more than 15 million UK adults who spend an average of almost 30 minutes a day on the app.
The company has insisted it has never turned over data to the Chinese government and that data for UK, Europe and US users is stored on computer servers in the US and Singapore.
However, the investigation revealed that access to this data by employees in China can hardly be prevented.
On Friday, TikTok said it now stores all of its data about US users at Oracle, an American company, and is working to protect the data so only a small number of employees can access it.
However, a data storage facility in Ireland intended to store data from UK and European users is not due to open until next year and it is unclear whether it will receive the same protections.
Recordings of staff meetings leaked to BuzzFeed showed engineers in China were not able to access user data until January of this year.
One employee in Beijing was described as a “master admin” who has “access to everything”. Another said: “I feel like there is a back door in almost all of these tools to access user data.”
TikTok previously told U.S. senators that a “world-renowned, U.S.-based security team” is deciding who accesses user data.
TikTok has surged in popularity in recent years, becoming one of the most well-known smartphone apps in the world, but its rise has been reflected in concerns over its Chinese ownership.
Indian authorities banned the app and Donald Trump tried to force the company to sell its US business before losing the 2020 election.
The company is currently negotiating with US authorities for an agreement to protect American users’ data by storing it at an Oracle facility in Texas.
TikTok said on Friday that all of its US users’ traffic is now sent to Oracle data centers. However, it will still be backed up on the company’s own servers and it is still being determined which employees can access it.
This year the company signed a deal to build a data center in Dublin and said it will “minimise” data transfers outside of Europe.
It had been expected that TikTok would announce that its non-US headquarters would be based in London, but reportedly backed down from the plan in 2020 amid rising tensions between the government and China.
Conservative MPs had called for UK user data to be stored in the UK as part of the plans.
TikTok said, “We know that we are among the most scrutinized platforms from a security perspective, and we want to eliminate any doubt about the security of US user data.”
It did not respond to a request for comment on whether UK user data could be accessed from China.
https://www.telegraph.co.uk/business/2022/06/17/chinese-can-see-tiktok-users-private-data-including-phone-numbers/ Chinese can see TikTok users’ private data including phone numbers