However, concerns remain about who has access to data.
TikTok on Friday took another step in attempting to assuage concerns about the security of its US user data. The popular social video app said in a blog post that it's changed the default location of US user data, with "100% of US user traffic is being routed to Oracle Cloud Infrastructure."
TikTok has long faced scrutiny over national security concerns, including that the app could give the Chinese government access to US user data. In 2020, the US government under President Donald Trump ordered ByteDance, the app's Beijing-based parent company, to divest TikTok. However, the sell-off wasn't enforced by the Biden administration.
Although TikTok has repeatedly said it doesn't share user data with the Chinese government, it still partnered with Oracle as part of its attempt to satisfy American national security concerns.
Previously, TikTok stored US user data in the US, with a backup in Singapore. The company on Friday said these data centers continue to be used as backups while it works to "fully pivot to Oracle cloud servers located in the US." It added that it plans to eventually delete US users' private data from its own data centers.
"We know we are among the most scrutinized platforms from a security standpoint, and we aim to remove any doubt about the security of US user data," wrote Albert Calamug, who works on US security public policy for TikTok, in the blog post on Friday.
Even with these steps, concerns remain about who might have access to US data, regardless of where it's located. On Friday, BuzzFeed News reported that "China-based employees of ByteDance have repeatedly accessed nonpublic data about US TikTok users," citing leaked audio from internal company meetings. Engineers in China reportedly had access to US data between September 2021 and January 2022, though the time frame could be longer.
A TikTok spokesperson said Friday that the company has taken steps to minimize data access across regions and in May created a new department with US-based leadership to provide a "greater level of focus and governance" on US data security.
"The creation of this organization is part of our ongoing effort and commitment to strengthen our data protection policies and protocols, further protect our users, and build confidence in our systems and controls," the spokesperson added.