(Reuters) – Chinese-owned social media site TikTok told U.S. senators it was working on a final agreement with the Biden Administration that would “fully safeguard user data and U.S. national security interests,” according to a TikTok letter seen Friday by Reuters.
The letter dated Thursday came in response to questions raised in a June 27 letter by a few senators including Republicans Marsha Blackburn and Ted Cruz, TikTok said.
TikTok, owned by Chinese technology conglomerate ByteDance, is one of the world’s most popular social media apps, with more than 1 billion active users globally. It counts the United States as its largest market.
TikTok Chief Executive Shou Zi Chew told senators in the letter the short video app was working with Oracle Corp (ORCL.N) on “new advanced data security controls that we hope to finalize in the near future.”
Last month, TikTok said it had completed migrating U.S. users’ information to servers at Oracle but it was still using U.S. and Singapore data centers for backup.
TikTok’s letter acknowledged that China-based employees “can have access to TikTok U.S. user data subject to a series of robust cybersecurity controls and authorization approval protocols overseen by our U.S.-based security team.”
TikTok said it expected “to delete U.S. users’ protected data from our own systems and fully pivot to Oracle cloud servers located in the U.S.”
TikTok has sent a response to the senators’ letter, a company spokesperson said in a statement to Reuters. “We look forward to connecting with members of Congress to discuss the substance of our letter.”
TikTok is working to build U.S.-based engineering capacity to further reduce the need for data access across regions, the spokesperson added.
Senator Blackburn, of Tennessee, said TikTok “should have come clean from the start but instead tried to shroud their work in secrecy.” She said TikTok needs to “come back and testify before Congress.”
The TikTok letter came nearly two years after a U.S. national security panel ordered ByteDance to divest TikTok because of fears that U.S. user data could be passed on to China’s communist government.
That order was not enforced after Joe Biden succeeded Donald Trump as U.S. president last year. The panel, however, known as the Committee on Foreign Investment in the United States (CFIUS), is still conducting a national security review of the company, according to the letter.
“We know we are among the most scrutinized platforms from a security standpoint and we aim to remove any doubt about the security of U.S. user data,” the letter said.
TikTok has said in the past that employees in China have data access to U.S. user data. In a 2020 blogpost Roland Cloutier, TikTok’s chief information security officer, said, “Our goal is to minimize data access across regions so that, for example, employees in the APAC region, including China, would have very minimal access to user data from the EU and US.”
A BuzzFeed story in June showed ByteDance engineers in China had access to U.S. data between September 2021 and January 2022.
The letter also said “ByteDance developed the algorithms for both Douyin and TikTok, and therefore some of the same underlying basic technology building blocks are utilized by both products.” TikTok is known as Douyin in China.
But TikTok’s business logic, algorithm, integration and deployment of systems is specific to the TikTok application and separate from Douyin, the letter said.
Reuters previously reported that while the code for the app, which determines the look and feel of TikTok, has been separated from Douyin, the server code was still partially shared across other ByteDance products. The server code provides basic functionality of the apps such as data storage, algorithms for moderating and recommending content and the management of user profiles.
The Chinese government took a stake and a board seat in a key ByteDance entity in 2021.
TikTok explained in its letter to the senators that its acquisition of 1% of Beijing Douyin Information Service Ltd was necessary to obtain a news license in China.