TikTok Exec Confirms Chinese Parent Company Has Access to User Data, Mum on CCP’s Law Requiring Cooperation

Article 7 of Beijing’s National Intelligence Law obligates Chinese citizens, organizations, and institutions to support the CCP in intelligence work.
TikTok Exec Confirms Chinese Parent Company Has Access to User Data, Mum on CCP’s Law Requiring Cooperation
The TikTok app is displayed on an Apple iPhone in a file photo. Drew Angerer/Getty Images
Andrew Chen
Updated:
0:00

A TikTok senior executive confirmed that the video sharing app’s Chinese parent company has access to user data, but did not confirm whether the Chinese Communist Party (CCP) can also access this data under its National Intelligence Law.

David Lieber, head of TikTok’s privacy public policy for the Americas, was asked by NDP MP Matthew Green at a House of Commons Ethics Committee on Oct. 18 whether TikTok has “a parent company in China that has access to user data.”

Mr. Lieber responded “yes.” TikTok is owned by ByteDance, which has its headquarters in Beijing.

Mr. Green asked whether the Chinese parent company is obligated to provide the user data to the state under the National Intelligence Law. Article 7 of the law stipulates that Chinese citizens and organizations, including private businesses, are obligated to provide support, assistance, and cooperation in the communist regime’s national intelligence operations.

“Is that Chinese company, your parent company, is it also regulated under Chinese state National Law that should the Chinese government want to access their information ... that they could do that?” asked Mr. Green.

“Well, I’m not an expert in Chinese law,” Mr. Lieber replied.

When pressed for an answer, he said that certain subsidiaries of ByteDance in different parts of the world may argue that Chinese law may not be applicable to them. However, he declined to comment further, saying, “I’m not going to opine on the application of Chinese law.”

Mr. Lieber also said that the Chinese regime has never requested user data from them, and that they “would not disclose user data to the Chinese government if we were requested to do so.”

When asked by Mr. Green if the Chinese regime can access the data through “other backdoors,” Mr. Lieber said: “it would be irresponsible for me or any other employee of a technology company to make categorical guarantees about what governments are capable of or incapable of in terms of their ability to conduct activities including hacking on their own initiative.”

Questions on United Front

Steve de Eyre, director of public policy and government affairs for TikTok’s Canadian branch, also declined to comment on TikTok’s association with the United Front Work Department, a CCP agency involved in intelligence collection.

In response to a question from Conservative MP Michael Barrett, he stated, “I’m not familiar with that organization.” Instead, Mr. de Eyre said that TikTok is unavailable in mainland China and emphasized its status as a private organization.

Mr. Barrett highlighted reports suggesting that a ByteDance product called Douyin, a short-video content platform, has been used by the CCP as a propaganda tool. He pointed out that the regime has provided funding to influencers on the platform through the United Front.

“The proximity between these sister companies is the type of thing that gives rise to great concern for us as legislators, for Canadians as users, for us as parents,” he said.

FBI Director Christopher Wray has said that TikTok poses national security threats.
“[TikTok’s] parent company [Bytedance] is controlled by the Chinese government and it gives them the potential to leverage the app in ways that I think should concern us,” Mr. Wray told an audience at the University of Michigan’s Gerald R. Ford School of Public Policy last year.

Bans

In February, the federal government banned TikTok from all government-issued devices due to concerns about the application’s data collection practices. The Treasury Board of Canada Secretariat explained in a statement that TikTok’s collection methods provide “considerable access to the contents of the phone.”

“Following a review of TikTok, the Chief Information Officer of Canada determined that it presents an unacceptable level of risk to privacy and security,” the statement said.

Ottawa’s decision to restrict TikTok on government-issued devices followed the U.S. federal government and over 28 American states banning the app from being downloaded on state-owned devices. Similarly, both the European Commission and European Union Council have ordered their staff to uninstall TikTok from their corporate devices due to cybersecurity concerns.
Mr. de Eyre said his company had reached out to the Treasury Board seeking clarification about the app being singled out in the ban. He also argued that such measures should be uniformly applied to other social media platforms on government employee devices.

Age Verification

In addition to facing sanctions over security concerns, TikTok has also faced a 345 million euro ($399 million) data privacy fine from Ireland’s Data Protection Commission. The commission has also issued a compliance order to TikTok due to its failure to protect the private data of its teenage users.

TikTok has an age limit requirement prohibiting children under the age of 13 from using the application. However, Mr. Lieber acknowledged limitations in its age verification process.

“We don’t clue them in about what the eligibility age is so that we don’t indicate to them that providing an age that’s either under 13 or over 13 is what they need to do,” he said.

Liberal MP Iqra Khalid also raised concerns regarding another aspect of age verification. She questioned Mr. de Eyre’s claim of “misconceptions” that the app collects comprehensive personal data, including users’ real names.

“How do you identify what an ‘age appropriate experience’ is if you’re not collecting data on people and what their interests are?” she asked.

Citing a TikTok internal report for the second quarter of 2023, Mr. de Eyre said that the application had removed over 18 million accounts globally of users who were suspected of being under 13.