TikTok gave U.S. lawmakers more details in a letter dated Thursday about how it plans to keep data about its American users separate from ByteDance, its Chinese parent company, aiming to combat concerns that the video app poses a national security risk.
In a letter to nine Republican senators, Shou Zi Chew, TikTok’s chief executive, explained how the company would operate the app from servers controlled by Oracle, the U.S. cloud computing giant. TikTok would be run from the American company’s machines and audited by a third party, Mr. Chew said. He also reiterated a plan to store American users’ personal information with Oracle, rather than on TikTok’s servers.
“We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of U.S. user data,” Mr. Chew wrote in the letter, which was obtained by The New York Times.
TikTok, which is highly popular for its short and viral meme-making videos, has been working to rebut concerns that it is a national security risk. For years, critics of the app have worried that the Chinese government would request data belonging to Americans directly from ByteDance and that TikTok was subject to the influence of the Chinese Communist Party.
In 2020, President Donald J. Trump cited those concerns and demanded that ByteDance sell TikTok if the app was to remain in American app stores. His administration later announced a deal in which ByteDance would sell at least part of TikTok to Oracle, though the transaction never came to fruition.
TikTok remains under the scrutiny of the Committee on Foreign Investment in the United States, a group of government agencies that vets foreign purchases of American companies.
Last month, BuzzFeed News reported that ByteDance employees had gained access to the app’s data as recently as this year and that employees were struggling to cordon off information collected by the app.
After the report, nine Republican senators — including Marsha Blackburn of Tennessee and John Thune of South Dakota — wrote to TikTok with questions about its practices. Last month, a member of the Federal Communications Commission also said Apple and Google should remove TikTok from their app stores.
In Mr. Chew’s letter responding to the Republican senators, he said ByteDance employees in China could get access to TikTok data only when “subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”
He also reiterated the company’s hope that it would soon be able to delete U.S. data from its servers and store the information entirely with Oracle. (Some details of its plans were first reported by BuzzFeed.)
“We have not spoken publicly about these plans out of respect for the confidentiality of the engagement with the U.S. government, but circumstances now require that we share some of that information publicly to clear up the errors and misconceptions in the article and some ongoing concerns related to other aspects of our business,” he said.
But Mr. Chew also made it clear that ByteDance employees in China would still be working on TikTok. Those employees can still develop the algorithm that feeds personalized video recommendations to TikTok’s users, he said, though Oracle would “ensure that training of the TikTok algorithm” happens only on its servers.
And certain information — like public videos and comments — would remain available to ByteDance employees under conditions approved by the U.S. government, he wrote, to “ensure global interoperability so our U.S. users, creators, brands and merchants are afforded the same rich and safe TikTok experience as global users.”