TikTok Says US User Data Now Stored by Default on Oracle Servers
id=”article-body” class=”row” section=”article-body” data-component=”trackCWV”>
TikTok on Friday took another step in attempting to assuage concerns about the security of its US user data. The popular social video app said in a blog post that it’s , with “100% of US user traffic is being routed to Oracle Cloud Infrastructure.”
TikTok has long faced , gethroughwork including that the app could give the Chinese government access to US user data. In 2020, the US government ordered ByteDance, the app’s Beijing-based parent company, to divest TikTok. However, the sell-off wasn’t enforced by the Biden administration.
Although TikTok has repeatedly said it doesn’t share user data with the Chinese government, it still partnered with Oracle as part of its attempt to satisfy American national security concerns.
Previously, TikTok , with a backup in Singapore. The company on Friday said these data centers continue to be used as backups while it works to “fully pivot to Oracle cloud servers located in the US.” It added that it plans to eventually delete US users’ private data from its own data centers.
“We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data,” wrote Albert Calamug, who works on US security public policy for TikTok, in the blog post on Friday.
Even with these steps, concerns remain about who might have access to US data, regardless of where it’s located. On Friday, reported that “China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users,” citing leaked audio from internal company meetings. Engineers in China reportedly had access to US data between September 2021 and January 2022, though the time frame could be longer.
A TikTok spokesperson said Friday that the company has and in May created a new department with US-based leadership to provide a “greater level of focus and governance” on US data security.
“The creation of this organization is part of our ongoing effort and commitment to strengthen our data protection policies and protocols, further protect our users, and build confidence in our systems and controls,” the spokesperson added.