During the House committee hearing on TikTok, lawmakers presented a rare united front as they grilled CEO Shou Zi Chew on privacy and data collection. But they failed to even scratch at the larger issue at play.
TikTok is one of the few issues on which Democrats and Republicans appear united. The Biden administration and the Trump administration before it have both ordered TikTok to sell its American operations to a U.S.-based firm or face a national ban, citing national security concerns.
But the marathon five-and-a-half-hour hearing Thursday revealed one thing: TikTok isn’t the main problem. It’s a microcosm of a much broader issue of U.S. data privacy regulation, or the lack thereof.
The United States has no overarching data security legislation. Instead, data privacy and security is regulated by a patchwork network of state laws. Congress failed last year to pass a comprehensive data privacy law that would have increased protection for sensitive data, banned ads targeting minors, and made it easier to hold companies that collect personal data accountable. The bill was introduced in the House but later stalled amid concerns from House and Senate leaders.
“U.S. privacy law is missing,” said Alex Alben, a professor of internet law at the UCLA School of Law. “The data of Americans is exposed, and if Congress really wanted to do something … efficient and protective of user data, then they would pass a data privacy law that would govern all social media companies, including TikTok.”
Members of Congress accused TikTok of collecting user data, failing to moderate content, putting minors at risk, and providing the Chinese government with access to private user information.
All social media platforms, from Meta to Google and Twitter, collect user data. Alben explained to The New Republic that certain categories of data are protected, such as health care information through the Health Insurance Portability and Accountability Act, or HIPAA, and education records through the Family Educational Rights and Privacy Act, or FERPA. But data from people’s day-to-day lives is exposed. It’s legal for platforms to collect that information and use it to direct users to specific content or ads based on their activity history.
“We sort of have a regime now where the user has to opt out of the use of their data. And that puts the burden on individual consumers,” Alben said. “It’s not a surprise that the average consumer doesn’t have the time or necessarily the knowledge to exercise these rights.”
Some lawmakers on Thursday cited other countries that have chosen to ban TikTok from officials’ phones. But those countries, which include New Zealand and members of the European Union, have much stronger data privacy laws that regulate who can collect private data and how it can be stored. They operate on an opt-in strategy, where users decide to let platforms track their data, instead of the opposite automatically being the case. (The United States has also banned TikTok from government phones but taken none of the other steps.)
One of the few times Chew broke during the hearing was when asked if TikTok would split from its Chinese parent, Bytedance, if so ordered by the U.S. government.
“I don’t think ownership is the issue here,” he said. “With a lot of respect, American social companies don’t have a great record with privacy and data security.” He referred specifically to the 2018 Facebook scandal, when it was revealed that Cambridge Analytica secretly harvested millions of users’ data in order to target voters and help the Trump campaign.
Almost everything that TikTok is accused of doing, other major social media platforms have done too. The biggest difference, as several lawmakers said outright during the hearing, is that TikTok parent company Bytedance is headquartered in China.
If you think the US needs a TikTok ban and not a comprehensive privacy law regulating data brokers, you don’t care about privacy, you just hate that a Chinese company has built a dominant social media platform.
— Eva (@evacide) March 23, 2023
“I think singling out TikTok is a mistake,” Representative Jamaal Bowman said Thursday. The New York progressive is one of the few members of Congress on either side of the aisle to back the platform.
“We need to look at all social media platforms, and look at how harmful they may have been and may be, particularly around data privacy and data brokering.”
All Big Tech platforms pose some sort of threat to national security and human well-being. A report published earlier this week by the Tech Oversight Project highlighted some of the most egregious examples.
Nearly every year for the past 12 years, Facebook has come under fire for data breaches, mishandling consumer data, or accidentally exposing private user information. Russia was also able to manipulate the platform to interfere with the 2016 U.S. election.
Google has twice exposed private data, while the platform and its affiliate YouTube were found in 2019 to have violated children’s privacy.
Amazon’s livestreaming platform Twitch is rife with sexual harassment and child predators, while Apple and Google parent Alphabet design their products to be addictive for teenagers.
Internal documents leaked in 2021 showed that Meta knew its products were destroying teens’ mental health, particularly teenage girls’, but made no changes to its platform. Meta CEO Mark Zuckerberg was aware of this but lied to Congress under oath about it.
“This isn’t just a social media problem. It’s a tech problem. It’s a problem of internet governance overall,” Sapna Khatri, a clinical teaching fellow at UCLA Law, told TNR.
The lack of clear federal guidelines on privacy and data collection give companies “a lot of opportunities to evade the law.”
The U.S. needs to increase how it regulates data collection online and protects users against privacy infringement. But “the way to address that is not by banning a social media source … because that would then be an invasion of our First Amendment rights and other issues without actually even addressing the privacy concerns,” Khatri said.
TikTok, however, is an easy target, because China has given reasonable cause for concern, particularly in the tech world. Many of the major data breaches of the past decade, such as at Equifax or American Airlines, have been traced back to China in some way. A company associated with the Chinese government also owns a 1 percent stake in Bytedance.
But all data is vulnerable to some degree. China accessed the data in previous breaches without owning a stake in those companies. The government could also simply purchase data from one of the many third-party trackers that monitor social media platforms.
Simply put, it doesn’t really matter who owns TikTok, or any social media platform. If a bad actor wants to access private data, there are myriad ways they can—and continue to—do so.
It’s easy for politicians to use the specter of Chinese interference as a legislative bogeyman. China, and Asians in general, are often used as a political scapegoat for issues in American society.
And with the 2024 election coming up, neither side wants to appear weak.
“So … you have Republicans who are fearmongering, and Democrats have to come and show that we’re strong too. And so you get this hysteria whipped up around who’s stronger on China, who’s stronger on the border, who’s stronger with the debt?” Bowman said. “That’s not governance. We should not be governing based on fear and limited information.”
“Facebook looked the other way during Russian interference in our election, and we’re trying to ban TikTok?” Bowman added. “That’s bugged out to me.”
