On March 23, TikTok CEO Shou Zi Chew testified before Congress for the first time regarding potential security concerns over the app. His testimony brought forth a rare flicker of bipartisanship. Chew did the impossible by somehow bringing both Democratic and Republican lawmakers together in their hatred of America’s fastest-growing social media platform. The agenda for the meeting was a potential ban of the service, an idea first floated during former President Donald Trump’s administration and realized with a bipartisan bill giving broad powers to the Secretary of Commerce to regulate services produced by hostile nations to the United States, namely China. The TikTok community has equally been quick to unite against such measures. Mocking senile lawmakers for their unnecessary paranoia has ironically strengthened TikTok.
Many of my peers are right in defending TikTok as a creative space, but they are wrong in assuming that the bipartisan concerns of lawmakers are trivial. There are real security concerns TikTok presents that cannot be assuaged in a TikTok PR blitz to appeal to the majority. TikTok consumes a massive amount of personal data, including contact information, search history and biometrics, and they have been far from transparent in combating fraud and misuse. In September 2022, TikTok denied virulent reports that the hacking group AgainstTheWest had accessed over 2 billion records containing millions of user statistics. This comes after a promise by TikTok to shore up security by putting data security in the hands of the United States company Oracle. A few days before Shou testified before Congress, the Justice Department opened an investigation into the service after reports surfaced of employees at ByteDance — a Chinese company — gaining access to the data of United States tech reporters. The ease with which independent groups can get through TikTok’s firewall raises alarm about a far more organized and powerful Chinese government that may not need legal backdoors to get in.
However, the greatest risk to American data comes not from laws that require Chinese-owned businesses to turn over data to Beijing if it demands it, but instead from the obsolescence of current United States data laws.
Shockingly, there is no broad data protection law. Instead, several federal acts govern different aspects of data privacy. The first and perhaps the most all-encompassing, The Privacy Act of 1974, prevents federal agencies from disclosing personal information without consent. Other laws include the Health Insurance Portability and Accountability Act (HIPAA) and the Family Educational Rights and Privacy Act (FERPA), which govern the privacy of medical and academic records, respectively. Perhaps comically, the Video Privacy Protection Act (VPPA) remains on the register. It restricts the sharing of VHS and DVD rental data and notably does not extend to the sharing of current streaming data. Lost in this sea of acronyms is the broad protection of the tons of data collected by far more advanced modern data tracking systems, which are then put on the private market. As companies amass more data, consumers are at greater risk for data breaches, privacy scams and corporate predation. In recent years, there have been countless stories of major corporations getting hacked, endangering an ever-increasing number of customers. Banning TikTok will not eliminate the data already stored and sold to third parties. Even if TikTok will never turn over data to the Chinese government, a dubious assumption at best, the far more realistic threat is in the private sector.
If there is hope to be found, it is in the patchwork of state regulations that have attempted to fix some holes in federal regulation. Like many things in our federal system, state regulation is uneven and imperfect. However, recently, California has passed a significant overall consumer protection bill. The California Consumer Privacy Act ensures the right to know about the personal information a business collects and the right to delete or opt out of the sharing of such information with third parties. Similarly comprehensive bills like the Consumer Privacy Act are already in the legislative committees of over 20 states. The sheer number of consumer privacy acts makes it abundantly clear how widespread and bipartisan the consumer protection issue is and ought to be.
The same bipartisan efforts to ban TikTok should be redirected toward finally passing a comprehensive declaration of privacy rights for the modern era. While we may not be able to eliminate the Chinese legal backdoor, we can and should re-examine and reform our data protection laws to protect TikTok’s millions of American users. As troubling as the TikTok situation is, it might serve as a needed push to finally ensure the right to data privacy for all.
Peter Levy is an undeclared sophomore.