Top lawmakers on the Senate Intelligence Committee called for a Federal Trade Commission probe of TikTok on Tuesday, amid allegations the social media company has made “repeated misrepresentations” to Congress and others on its data security practices.
In a letter to FTC Chair Lina Khan, Sens. Mark Warner and Marco Rubio, the chair and ranking member of the committee, said a recent BuzzFeed report on how TikTok’s Chinese parent, ByteDance, had repeatedly accessed US users’ data raises fresh doubts about the truthfulness of TikTok’s congressional testimony on its privacy practices.
“In light of this new report,” the lawmakers wrote, “we ask that your agency immediately initiate a Section 5 investigation on the basis of apparent deception by TikTok, and coordinate this work with any national security or counter-intelligence investigation that may be initiated by the U.S. Department of Justice.”
Section 5 of the FTC Act authorizes the agency to prosecute unfair and deceptive business practices. The FTC and TikTok didn’t immediately respond to requests for comment.
The letter marks the latest swing at TikTok by US officials over years-long bipartisan concerns that the Chinese government may use its national security laws to compel ByteDance to hand over data on US TikTok users, with what the US says could be potential risks to its security.
While there is no evidence that has actually occurred, the BuzzFeed report appeared to validate those concerns by showing that ByteDance’s employees within China do have access to US TikTok users’ information. At the time of the report, TikTok told CNN it has “consistently maintained that our engineers in locations outside of the US, including China, can be granted access to US user data on an as-needed basis.”
Last month, FCC Commissioner Brendan Carr called on Apple and Google to remove TikTok from their app stores, citing the same concerns — though Carr’s agency does not regulate app stores, and he is not responsible for setting the FCC’s agenda.
TikTok announced last month that it now processes all US user data on US-based cloud servers hosted by Oracle, and that it intends to eventually delete its backups of US user data stored on proprietary servers in Virginia and Singapore. It has also said it is working with Oracle on “data management protocols that Oracle will audit and manage.” But the lawmakers expressed doubts about how those steps could prevent Chinese access to US user data.