TikTok takes action amid new claims workers in China accessed US users’ data

After concerns arose that TikTok's Chinese ties could pose national security risks, the social media company moved its US user data to Oracle's cloud platform, according to a blog published by the firm on Friday.

Better safeguarding the app, systems, and the security of US user data

"For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data. We've now reached a significant milestone in that work: we've changed the default storage location of US user data, said Roland Cloutier, the TikTok chief information security officer.

"Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work, we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US."

The new decision comes as a report from BuzzFeed news surfaced leaked audio from TikTok in-house meetings that claimed that ByteDance employees in China had accessed private information about US TikTok users. TikTok, however, has continuously claimed that it has never given US user data to Chinese officials and that it would never do so even if asked.

"We also take our responsibility to safeguard our community seriously, both in how we address potentially harmful content and how we protect against unauthorized access to user data," said Cloutier in the statement.

TikTok explained that it had long stored US user data in its own data centers in the US and Singapore, which included physical and logical safety controls such as gated entry points, firewalls, and intrusion detection technologies. These centers were used to maintain backup data storage locations to guard against scenarios where user data could be lost.

Now, however, the firm said it was "working closely with Oracle to develop data management protocols that Oracle will audit and manage to give users even more peace of mind."

Implementing a new department

TikTok even said it was implementing a new department established recently with US-based leadership to manage US user data for TikTok solely.

"Together, these changes will enforce additional employee protections, provide more safeguards, and further minimize data transfer outside the US. This is an important direction from a systems and data security standpoint, and part of our focus on preserving an interconnected experience for our global community while building a security-first culture," concluded Cloutier.

The measures do seem expansive enough to reassure US audiences that their data are in safe hands. In addition, they testify to TikTok's dedication to its US users. 

The firm, however, did fail to acknowledge the Buzzfeed news report and its repercussions. Perhaps that, too, should have been tackled in the blog. Still, at least TikTok users can rest assured that their data is in safe hands for now.