TikTok Moves US User Data to Oracle Servers

TikTok Moves US User Data to Oracle Servers
The TikTok logo is pictured outside the company's U.S. head office in Culver City, California, on Sept. 15, 2020. (Mike Blake/Reuters)
Reuters
6/18/2022
Updated:
6/18/2022
0:00

NEW YORK/WASHINGTON—TikTok said it has completed migrating information on its U.S. users to servers at Oracle Corp, in a move that could address U.S. regulatory concerns over data integrity on the popular short video app.

The move, which was first reported by Reuters, comes nearly two years after a U.S. national security panel ordered parent company ByteDance to divest TikTok because of fears that U.S. user data could be passed on to the Chinese communist regime.

TikTok is one of the world’s most popular social media apps, with more than 1 billion active users globally, and counts the United States as its largest market.

The United States has been increasingly scrutinizing app developers over the personal data they handle, especially if some of it involves U.S. military or intelligence personnel.

The order to sell off TikTok was not enforced after Joe Biden succeeded Donald Trump as U.S. president last year.

The panel, known as the Committee on Foreign Investment in the United States (CFIUS), however, has continued to harbor concerns over data security at TikTok that ByteDance is now hoping to address, Reuters previously reported.

The White House had no immediate comment while the U.S. Treasury declined to comment.

In March, Reuters reported that TikTok was nearing a deal for Oracle Corp to store its U.S. users’ information.

Oracle had discussed acquiring a minority stake in TikTok in 2020, when ByteDance was under U.S. pressure to sell the app. The cloud computing giant now stores all of TikTok’s U.S. user data on Oracle data servers in the United States under the new partnership, TikTok said.

Oracle declined to comment.

Data Security Team

TikTok had previously been storing its U.S. user data at its own data centers in Virginia, with a backup in Singapore. It will now delete private data on U.S. users from its own data centers and rely fully on Oracle’s U.S. servers, it said.

The Virginia and Singapore centers are still being used to back up the data, the company said.

TikTok has also set up a dedicated U.S. data security team known as “USDS” as a gatekeeper for U.S. user information and ring-fencing it from ByteDance, a company spokesperson told Reuters.

Led by Andrew Bonillo, who was an executive at TikTok’s global security department, the USDS currently reports to TikTok CEO Shou Zi Chew, the spokesperson said.

The company is discussing a structure under which the team would operate autonomously and not be under TikTok’s control or supervision, a source told Reuters.

Another senior executive at USDS is Will Farrell, who was previously working under TikTok’s Chief Security Officer Roland Cloutier. The USDS team includes content moderation personnel, engineers, and members from user and product operations.

ByteDance is one of China’s fastest growing startups. It owns the country’s leading news aggregator, Jinri Toutiao, as well as TikTok’s Chinese counterpart Douyin.

In June 2021, Biden withdrew Trump-era executive orders that sought to ban new downloads of WeChat and TikTok. The Commerce Department is writing new rules on app data security that could potentially lead to restrictions on how apps based abroad use U.S. user data or even ban apps deemed serious security risks.

Commerce Secretary Gina Raimondo said last year the administration is “very serious about protecting Americans’ data,” but criticized Trump’s approach.

“Doing some executive order that’s meaningless on TikTok is not the way to do it,” she said.

By Echo Wang and David Shepardson