TikTok’s parent company ByteDance accessed the data of two journalists and other users in an attempt to track down company leaks in revelations that will likely intensify security concerns in the West about the popular video app’s Chinese ownership.
ByteDance employees in China and the U.S. inappropriately pulled the data including the IP addresses —which reveal a person’s general location — of journalists from BuzzFeed News and the Financial Times and people they had connected with via TikTok, according to an internal investigation. ByteDance had tried unsuccessfully to identify staff who had shared internal company documents with the reporters.
The news comes as U.S. Congress is set to vote this week to ban TikTok from U.S. federal government phones over fears about privacy and national security. There is also growing European concern over the case.
“We expect clear explanations and irrevocable commitments from TikTok,” tweeted French digital minister Jean-Noël Barrot today. “France and Europe will never compromise on the freedom of the press.”
The investigation conducted by an outside law firm was revealed in emails that ByteDance’s general counsel Erich Andersen sent to employees on Thursday and were shared on Thursday with media outlets including The New York Times. It followed previous reports alleging the company had gathered U.S. users’ data, including their location, phone numbers and birthdays.
ByteDance said Thursday it had fired the four employees and restructured their audit and risk team, according to the Washington Post.
The Chinese-owned company is separately negotiating with CFIUS, a U.S. body that conducts national security reviews of foreign companies’ deals, to determine whether it can remain operational in the country via divestments to a U.S.-based company.
In Europe, the first results of an investigation into TikTok’s transfers of millions of Europeans’ data to China by the Irish privacy regulator is expected in early 2023. Ireland’s Data Protection Commission is responsible for TikTok’s compliance with EU privacy rules, the General Data Protection Regulation.
TikTok’s European head of privacy Elaine Fox in November admitted that Europeans’ data is accessed by employees in China. European TikTok users’ information is, she said, stored in the U.S. and Singapore.
