Staff Editorial: Congress must look further than TikTok to protect American privacy

GRAPHIC BY DOMINIQUE CADENAS CALVO/SF FOGHORN

Learn the dances, watch cute puppies, and laugh at silly memes while you can — Congress may be banning the video-based social media app TikTok. 

Two years after the Trump administration threatened to ban the app if it did not divest from its Chinese ownership, the Biden administration is playing the same hand. TikTok CEO Shou Zi Chew testified at a congressional hearing last Thursday regarding concerns over the app’s potential threat to national security. 

TikTok is owned by ByteDance, a Chinese technology company, and the government’s main argument has focused on its proximity to the Chinese government. According to AP News, “A law implemented by China in 2017 requires companies to give the government any personal data relevant to the country’s national security.” Although there is no evidence that TikTok has given China’s government such data, fears have festered because of the large amount of user data the app collects.     

The congressional hearing was largely unsuccessful in its goal of gathering information from Chew about TikTok’s inner workings. Insider reported that several politicians “appeared uninterested in hearing full responses from the executive,” and that “Chew’s responses to questions were often cut short.” This is contradictory to the hearing’s purpose — Congress should gather all information possible to protect American privacy.

While data privacy safety should be a priority, Congress is distracted from the fact that China is not the only potential threat to the privacy of Americans — U.S. owned and operated companies have the same capacity to collect and abuse personal data. If Congress wants to protect its constituents’ and its nation’s security, it needs to focus on the broader issue of online privacy protections. 

American companies don’t just have the capacity to abuse data — they’ve already done so. Facebook received major backlash after its 2018 Cambridge Analytica scandal, which resulted in the data of 50 million users being accessed and used by Trump’s political campaign. The campaign used this data for initiatives like “designing target audiences for digital ads and fund-raising appeals, modeling voter turnout, […] and determining where Mr. Trump should travel to best drum up support,” as reported in the New York Times. Yet, despite multiple Congressional hearings, neither Facebook nor any other Meta properties were banned. We have evidence of Facebook’s transgressions and only theories of TikTok’s, but only the latter is currently under fire.

“I haven’t seen any hard evidence that TikTok is committing some form of espionage,” said New York Rep. Jamaal Bowman in an interview with NBC News. “What I’ve heard is speculation. And what I’ve heard is innuendo.” 

Vying for popularity and profit is a competition that tech companies will never back out of, and data is a valuable asset. According to the World Economic Forum, the industry of businesses that are “built around the capture of individual data… generated $156 billion dollars in revenue in 2012,” and will only continue growing. Collecting, using, and selling data is an obvious revenue source for tech companies to explore, and it’s the government’s job to make sure it is pursued in a safe way. 

In June 2022, the American Data Privacy and Protection Act was introduced in the House of Representatives, but never made it to the floor. The act would have “require[d] most companies to limit the collection, processing, and transfer of personal data to that which is reasonably necessary to provide a requested product or service and to other specified circumstances,” according to Congress’ summary of the bill

The U.S. can look to international examples of data protection laws for inspiration. The European Union’s “General Data Protection Regulation (GDPR)” is a law, put into effect in 2018, that protects citizen privacy through principles including fairness, purposefulness, and data minimization, among others. These principles are enforced through massive fines of up to €20 million for parties who do not comply with the GDPR, and have resulted in large changes in tech privacy. Notice how almost every website you go to now asks if you want to allow tracking, also known as cookies? Thank the GDPR for that. 

It’s up to Congress to take what they learned from the TikTok hearing and create protective legislation — whether an app is based in the U.S. or in China, Americans deserve to know that their data is secure. 

Leave a Reply

Your email address will not be published. Required fields are marked *