The rise of TikTok and regulatory eyebrows in the US

TikTok’s rapid growth has led to scrutiny and opposition from the West, particularly the US, over concerns related to content moderation and data privacy. The US government’s anxiety over not being able to directly regulate TikTok’s data collection may lead to new regulations, potentially influencing how other governments approach the issue.

This article was first published in The Mint. You can read the original at this link.

TikTok has taken the world by storm. The viral app that allows users to post short videos, usually lip-syncing to a soundtrack with hilarious results, was, according to various sources, among the world’s five most-downloaded non-game apps of 2019. It is estimated that TikTok has around 625 million monthly active users (MAUs) globally, which seems to be a small number compared to Facebook’s 2.45 billion MAUs but represents a year-on-year growth of 85%. However, despite all this success, or perhaps because of it, TikTok has begun to face rising opposition from the West, in particular, the US.

A story in The Guardian a couple of months ago suggested that TikTok had put in place moderation guidelines designed to subtly advance foreign policy objectives of the Chinese government overseas. The article pointed out that the company can, and does at its discretion, mark some content “visible to self", which means that even though the user who uploads it believes the content has been posted, the TikTok algorithm responsible for populating the feeds of its users ensures that it does not spread widely. It is because of this approach to moderation that a search on TikTok for the Hong Kong riots throws up benign results while a user who made a video drawing attention to what was happening to Uighurs in Xinjiang found herself blocked from the service.

Given that TikTok is owned by Bytedance, commentators are finding it increasingly difficult to distinguish its operational policies from those of its parent. Bytedance has been known to censor videos that do not meet the party standards while promoting content praising China’s armed forces, and, as much as Bytedance might have stressed its commitment to user privacy, the fact that TikTok’s privacy policies for the US and the European Union state that data may be transferred to China with consent has been flagged as a cause for concern.

It is as a result of these and other concerns that the Committee on Foreign Investment in the United States (CFIUS) seems to have opened an investigation into Bytedance’s acquisition of (the app that was eventually re-christened TikTok). The committee has pointed out that Bytedance did not obtain CFIUS clearance for the deal, allowing it to initiate a security panel review. Separately, US senate minority leader Chuck Schumer and senator Tom Cotton have asked for a national security probe, raising concerns over TikTok’s data collection practices and asking whether the user data of the 110 million US citizens who have downloaded the app is being reviewed by Chinese censors. They indicated that given the size of its US user base, TikTok could easily be targeted by foreign influence campaigns, and, at the very least, represents a potential counter-intelligence threat that cannot be ignored.

Listening to the rising voices of disquiet from the US, I cannot help but notice how similar the concerns of US regulators are to those voiced by the Indian government. India has, of late, been vocal about its desire to get greater access to the data collected and processed by US social media companies. It has argued that these companies control the personal data of hundreds of millions of its citizens and actively resist Indian law enforcement requests for access. India recently introduced stringent data localization provisions in its draft privacy law to address this concern, hoping that by forcing these companies to host the data of Indian citizens locally, they might be able to get easier access to this data.

The US government has never before had to consider these issues. As all of the world’s largest social media companies are registered within its jurisdiction, user data has always been well within its legal reach. However, now that TikTok has acquired a significant US user base, for perhaps the first time since the creation of the internet, the American government is getting a sense of what it feels like to have the data of its citizens in the hands of a company over which it has no legal authority, and, what’s worse, one that is incorporated in a country with which it is currently engaged in a trade war.

US regulators know exactly how pervasive social platforms can be. From their own experience of having to regulate the world’s largest social media companies, they understand just how easily the vast volume of user information that these companies collect can be used to generate deep insights into individual behaviour, making them powerful tools for manipulating public opinion. This makes their increasingly apparent anxiety over not being able to directly regulate the data that TikTok collects that much more disconcerting.

Over the next few months, I expect the US government to come up with regulations aimed at addressing these concerns. TikTok has confirmed that it has localized the data of US citizens who use the app, and that its Chinese parent has no access to it. However, it remains to be seen whether these assurances are sufficient or if the US is going to apply additional measures to secure greater control over the data of its citizens.

Whatever ends up happening, it is likely that the manner in which the US regulates TikTok will serve as a template that other governments will adopt. If these measures are effective in giving the US extra-jurisdictional access to TikTok user data, American companies should expect foreign governments to apply similar measures to gain access to the user data they control.