The statements should explain “the basis for your company’s conclusion that the surreptitious access of private and sensitive U.S. user data by persons located in Beijing, coupled with TikTok’s pattern of misleading representations and conduct, does not run afoul of any of your app store policies,” he said.
Carr’s letter pointed to a BuzzFeed News report from earlier in the month that said recordings of TikTok employee statements indicated engineers in China had access to U.S. data between September 2021 and January 2022.
The BuzzFeed report included a statement from a TikTok spokesperson.
It said: “We know we’re among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data. That’s why we hire experts in their fields, continually work to validate our security standards, and bring in reputable, independent third parties to test our defenses.”
On June 17, the same day as the BuzzFeed report, TikTok announced it was routing all of U.S. user traffic to Oracle Cloud Infrastructure and was moving U.S. users’ private data from its own data centers in the U.S. and Singapore to Oracle cloud servers in the U.S.
