Leaked audio recordings from more than 80 internal meetings of ByteDance, the Chinese parent company of video platform TikTok, show China-based employees have repeatedly accessed the private data of TikTok users in the U.S.
The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least.
[N]ine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.
"Everything is seen in China," said a member of TikTok's Trust and Safety department in a September 2021 meeting.
In another September meeting, a director referred to one Beijing-based engineer as a "Master Admin" who "has access to everything."
Additional screenshots and other documents show data was accessed "far more frequently and recently than previously reported" and "suggest that the company may have misled lawmakers, its user, and the public by downplaying that data stored in the US could still be accessed by employees," writes BuzzFeed reporter Emily Baker-White.
BuzzFeed reports from its review of the recordings and documents that "the vast majority of situations where China-based staff accessed US user data were in service of Project Texas' aim to halt this data access."
Project Texas refers to a contract currently being negotiated between TikTok, cloud service provider Oracle, and the U.S. government agency Committee on Foreign Investment in the United States (CFIUS).
The Project Texas agreement stipulates that TikTok would store US users' "protected private information" exclusively at an Oracle data center in Texas, accessible only to "specific US-based TikTok employees."
TikTok also published a blog post on Friday titled "Delivering on our US data governance":
For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data. We've now reached a significant milestone in that work: we've changed the default storage location of US user data. Today, 100% of US user traffic is being routed to Oracle Cloud Infrastructure. We still use our US and Singapore data centers for backup, but as we continue our work we expect to delete US users' private data from our own data centers and fully pivot to Oracle cloud servers located in the US.
TikTok also said it has not and will not ever share user data with the Chinese government.
Oracle did not respond to BuzzFeed's request for comment. CFIUS declined to comment.
P.S. Now check out our latest video: "Highlights from Biden's speech last night" 👇