Fears that China could snoop on TikTok users were confirmed in leaked recordings from internal meetings held by the social media app’s parent company, according to a bombshell report Friday.
The recordings revealed that China-based employees of ByteDance repeatedly accessed data tied to US users — raising fresh concerns about TikTok, which once faced a ban in the United States because of privacy concerns.
Audio clips from dozens of meetings revealed 14 statements from nine TikTok employees who said that ByteDance engineers in China could access nonpublic US user data, BuzzFeed reported, citing material from more than 80 meetings.
The Chinese employees were capable of accessing the information from at least September 2021 through January.
The leaked recordings suggest that Beijing-based ByteDance’s ability to access US user data was farther-reaching than previously known — with one TikTok director stating at a September 2021 gathering that one unnamed engineer in China was “Master Admin” who “has access to everything.”
In a separate meeting that same month, a member of TikTok’s Trust and Safety department purportedly said that “everything is seen in China.”
BuzzFeed said the recordings were made at TikTok meetings ranging from closed-door talks between company executives to all-hands presentations. The report suggests that TikTok officials may have downplayed the extent to which China had access to its database in communications with both congressional lawmakers and the public.
The outlet said it compiled statements from eight different employees who said US-based TikTok workers had to consult with colleagues in China to assess the flow of user information — with American employees reportedly lacking the ability to look at the data.
TikTok is one of the most popular social media platforms, especially with children and young adults, having more than 1 billion active users worldwide.
“We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” TikTok spokesperson Maureen Shanahan said in a statement to BuzzFeed.
“That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses,” the spokesperson added.
TikTok elaborated on its position in a separate statement to The Post.
“As we’ve publicly stated, we’ve brought in world class internal and external security experts to help us strengthen our data security efforts,” a TikTok spokesperson said. “This is standard industry practice given the complexity of data security challenges.
“In May, we created a new in-house department, U.S. Data Security (USDS), with US-based leadership, to provide a greater level of focus and governance on US data security,” the spokesperson added. “The creation of this organization is part of our ongoing effort and commitment to strengthen our data protection policies and protocols, further protect our users, and build confidence in our systems and controls.”
TikTok sought to address concerns about user security in a blog post shortly before BuzzFeed’s story was published. The blog post revealed that TikTok had migrated data on its US users to servers run by Oracle.
“We’re also making operational changes in line with this work — including the new department we recently established, with US-based leadership, to solely manage US user data for TikTok,” the blog post said. “Together, these changes will enforce additional employee protections, provide more safeguards, and further minimize data transfer outside of the US.”
Former President Donald Trump’s administration repeatedly raised concerns that the Chinese Community Party could improperly gain access to the personal data of American users. Trump officials argued that parent company ByteDance had direct ties to officials in Beijing and posed a national security risk.
President Biden later revoked the Trump-era effort to ban TikTok and instead ordered Commerce Secretary Gina Raimondo to conduct a review of apps that could pose a security risk.