“Social media platforms such as TikTok, regardless of changes in ownership, are unable to adequately protect user data from government access.”

Under this Framework Agreement, TikTok's United States application will be operated by a newly established joint venture based in the United States. It will be majority-owned and controlled by United States persons and will no longer be controlled by any foreign adversary, since ByteDance Ltd. and its affiliates will own less than 20 percent of the entity, with the remainder being held by certain investors (Investor Parties). This new joint venture will be run by a new board of directors and subject to rules that appropriately protect Americans' data and our national security.

Applications controlled by foreign adversaries, like TikTok, are exploiting and weaponizing Americans' data. These applications are a national security threat to the American people. The CCP requires companies, like TikTok's parent company ByteDance, to secretly share access to a U.S. business or individual's data without their knowledge or consent. Internal TikTok recordings revealed “everything is seen in China.”

The U.S. government has taken a very hands-on approach to the TikTok case in the absence of a comprehensive national data privacy law, which would protect the data of users on TikTok or any other internet-enabled application. There should be concerns about how the new company will handle user data, maintain consumer privacy, protect free speech, and place limits on government surveillance of social media activities. In the absence of congressional guardrails, TikTok users may find that the transition in ownership could come with its own tradeoffs, affecting their privacy and the expectation that personal data will be beyond the government’s reach.

The Department of Homeland Security (DHS) is increasingly incorporating social media monitoring into its immigration, customs, and border enforcement activities — despite scarce evidence that it's effective. Social media information about millions of people, Americans and foreigners alike, in the hands of federal agencies is ripe for abuse and misuse.

A new entity controlling the social media app TikTok in the United States is being sold as a step toward addressing foreign influence and data security concerns. However, the Chinese parent company ByteDance will retain control over the TikTok algorithm, leaving the door open to possible manipulation by the Chinese government of what shows up in Americans' feeds, and the deal does little to alter the underlying risks that animated the debate during the previous US administration.

Timothy Edgar, a Harvard Law lecturer and cybersecurity expert, stated that the switch in management to a US-controlled entity avoids none of the security risks of foreign adversaries gaining access to U.S. user data and performing espionage, as there are many other ways to gain access. He also emphasized that the U.S. lacks uniform privacy regulations, potentially making data access easier now that TikTok is under less scrutiny for data protection.

The CLOUD Act does NOT permit unfettered, bulk, or automatic government access to data. US law enforcement must meet strict legal requirements and obtain a warrant or court order subject to judicial approval. The law does not allow indiscriminate or bulk access to domestic or foreign data.

The CLOUD Act has resulted in zero disclosures of AWS enterprise or government customer content stored outside the U.S. to the U.S. government, since we started reporting the statistic in 2020. It does not give the U.S. government or any government unfettered or automatic access to data, including data stored in the cloud.

TikTok states it takes national security concerns seriously and has established TikTok U.S. Data Security Inc. (USDS), a subsidiary with over 2,000 U.S.-based employees, to implement technical and operational safeguards. USDS controls access to protected U.S. user data, content recommendation, and moderation systems in the secure Oracle Cloud, and provides Dedicated Transparency Centers for third-party audits of its full source code and algorithms.

While a new US-controlled TikTok joint venture aims to safeguard the US content ecosystem and retrain its recommendation algorithm on US user data in Oracle's cloud, ByteDance will retain ownership and control over the underlying algorithm's intellectual property. This raises concerns that licensing terms might forbid the US entity from tampering with Chinese government-mandated content controls, or that Chinese influence operations could be deeply embedded in the algorithm.

US government requests for user data from technology companies has skyrocketed by 770% in the past decade, a new research report has concluded. In total, information from more than 3.5 million accounts has been shared with the federal government, reflecting routine government requests reported under standard transparency disclosures, according to the latest research from digital privacy company Proton.

On January 22, 2026, the TikTok USDS Joint Venture LLC officially closed, ending a year of legal limbo. The deal's architecture looks, at first glance, like a divestiture. But what actually changed, and what didn't? ByteDance retains ownership of the recommendation algorithm—meaning the US entity can operate it under license, but cannot own or independently transfer the core IP.

Project Texas, a sweeping effort by TikTok that cost $1.5 billion to mitigate national security concerns in the United States, is a quintessential example of digital solutions to geopolitical challenges at their best and worst. However, new evidence shows that such efforts would be more symbolic than substantive. One former data scientist explained that sending spreadsheets of sensitive user data from the United States to ByteDance staff in China was a regular procedure, raising questions over the efficacy of the proposed separation of data efforts.

While social media companies may argue that they protect user data, the reality is that personal information is often stored in large databases that can be vulnerable to hacking or government requests. Governments have expressed concern that encryption makes it difficult for law enforcement agencies to access crucial information in criminal investigations, leading some to push for 'backdoors' that could weaken overall security.

TikTok 的所有数据都有可能被中国政府获取。由于中国对中国政府可以向TikTok 索要哪些数据没有法律限制，因此中国政府可以获得所有数据。TikTok是由与中国政府关系密切的中国公司字节跳动拥有，因此其数据面临政府访问风险。

国会不应将目标对准TikTok，而应专注于为整个科技行业的数字平台制定更严格规则，制定保护所有社交媒体平台上用户数据的全国性法律。这暗示所有社交媒体平台，包括TikTok，都面临数据保护挑战。

Following TikTok's official split from ByteDance and control by a new U.S.-based entity (TikTok USDS Joint Venture LLC) on January 22, 2026, a mandatory privacy policy update led to a surge in app deletions. This new structure, intended to address Chinese data access concerns, instead created new concerns about domestic surveillance under U.S. corporate and government oversight, notably allowing for the collection of precise GPS location data, which was previously prohibited.

Following TikTok's transition to new U.S.-majority ownership, its updated privacy policy, effective January 22, 2026, now states that the app may collect precise location data if location services are enabled, a change from its previous policy which explicitly stated it did not collect GPS-derived location data from U.S. users. The new policy also explicitly provides that the app collects data from users' interactions with its AI tools, including prompts, questions, files, and other types of information submitted to AI-powered interfaces.

Governments are increasingly purchasing sophisticated technology to monitor citizens' behavior on social media, with at least 40 of 65 countries having advanced social media monitoring programs. This form of mass surveillance, which includes collecting and processing personal data from digital platforms, is used by intelligence and law enforcement agencies with little oversight or accountability, threatening civic activism and raising privacy concerns beyond specific platforms like TikTok.

The US CLOUD Act (2018) allows US law enforcement to compel US-based technology companies to provide data stored anywhere in the world, regardless of ownership structure. This applies to platforms like TikTok under US ownership, enabling government access via warrants or national security letters without user notification in many cases. Similar laws exist in other jurisdictions, such as the UK's Investigatory Powers Act.

TikTok在2021年隐私政策中未能充分披露个人数据可能被传输至中国，且在监管问询阶段，未能提供准确、全面的信息。TikTok极可能是基于标准合同条款开展数据跨境，但未能满足实质等同保护的最低合规门槛。

The GDPR (General Data Protection Regulation) grants social media users enhanced control over their personal data. It ensures rights to access, correct, and delete data, mandates explicit consent for data processing, and requires platforms to notify users of data breaches, strengthening privacy online. EU social media regulations are a set of laws designed to create a safer and fairer online environment for users and businesses.

A new US ownership structure for TikTok is sparking new questions about privacy and content control, even as the company says little has actually changed for users. TikTok is now operated in the US by a majority American venture promising to operate with rules designed to protect national security through data safeguards, algorithm security, content moderation, and software controls for US users, but some people remain skeptical.

TikTok成立了美国数据安全（USDS）部门，负责管理美国用户数据的保护，并与美国国家安全局合作，由甲骨文存储数据，以确保数据安全。尽管有这些措施，但文章承认美国政府对TikTok中国背景的数据安全担忧持续存在。