Can TikTok, Oracle deal finally put US data sovereignty concerns to bed?

Sources claim the cloud computing giant will store all of TikTok's US user data on its platform, with its Chinese parent company having no access to it by design.
11 March 2022

Could the TikTok, Oracle deal finally put data sovereignty concerns in the US to bed? (Photo by Tolga Akmen / AFP)

  • The collaboration would address US regulatory concerns over data integrity on the ultra-popular short video app, TikTok
  • The agreement comes a year and a half after a US national security panel ordered ByteDance to divest TikTok on the basis of data sovereignty concerns
  • Sources claim that TikTok is also exploring partnerships with other tech firms over firewalls and other cybersecurity measures

Back in 2020, former president of the United States (US) Donald Trump pressured -popular app TikTok to find an American buyer due to concerns that its Chinese parent company ByteDance could hand over US users’ data to their government. TikTok wasn’t given much of a choice in the matter, as they would run the risk of getting banned in the US, one of their biggest markets. 

The popular short video app ultimately struck a partnership deal with Oracle and Walmart in late 2020, giving the US businesses a stake in the app in return for assurances of providing more secure, US-approved technology. Then Trump lost the elections, the pressure was alleviated off the Chinese tech giants, and Oracle and Walmart’s plan to buy TikTok’s US operations was pushed back indefinitely.

After over a year of President Joe Biden reviewing his predecessor’s efforts to address potential security risks from Chinese tech companies, new rumors are surfacing that TikTok is once again nearing a deal with Oracle to handle its US data. People familiar with the matter have apparently told Reuters that the deal is to store TikTok’s US users’ information without its Chinese parent ByteDance having access to it — thereby making it more acceptable in the eyes of US lawmakers.

According to the report, the Oracle deal is still alive for the same reason as during the Trump era: to address US regulatory concerns over data integrity on the popular short video app. “That order was not enforced after Joe Biden succeeded Donald Trump as US president last year,” the report pointed out. 

In short, the Committee on Foreign Investment in the United States (CFIUS), the panel that reviews deals by foreign acquirers for potential national security risks, has apparently continued to harbor concerns over data security at TikTok that ByteDance is now hoping to address, the sources said.

“It is not clear whether CFIUS will find that TikTok’s partnership with Oracle will resolve the national security issues it has identified,” Reuters noted, attributing this to the sources. Currently, some of TikTok’s data is currently stored on Alphabet Inc’s Google Cloud

Additionally, the partnership, if materialized, would see a dedicated US data management team of hundreds of people be set up. They will act as a gatekeeper for US user information and ring-fence it from ByteDance. 

“The team will be composed of engineers and cyber security personnel. The companies are discussing a structure under which that team would operate autonomously and not be under TikTok’s control or supervision,” the sources added. On top of this rumored partnership, TikTok is said to also be exploring partnerships with other technology companies over firewalls and cybersecurity measures.

Concerns over data sovereignty when it comes to TikTok isn’t an isolated case in the US. In 2020 also, Chinese gaming company Beijing Kunlun Tech Co Ltd was forced to sell its popular gay dating app Grindr in 2020, after CFIUS approached it with national security concerns.

In January this year, Biden’s administration said that new regulations are being formed, to expand government oversight on TikTok and other Chinese-owned apps. The Commerce Department is reviewing comments on proposed rules for apps that could be exploited “by foreign adversaries to steal or otherwise obtain data,” according to a federal filing. 

The rules could allow the Commerce Department to require apps to submit to audits, allowing independent scrutiny of their source code and other data they collect. There is no timeline for when the rules will be finalized.