TikTok has inadvertently fueled China hawks in the US and the UK.

Lawmakers in the UK and US have reacted with alarm to the news that TikTok routes job applicants’ data to China while only disclosing it in certain jurisdictions.
On December 16, Business Insider reported that TikTok appeared to offer contradictory and incomplete – and at times incorrect – information to job applicants about how and where it sent the personal data of those applying for jobs with the company.
Among other things, the company routes all potential employee data through China, though it only tells those based outside the United States or Malaysia.
Some of the personal information TikTok says it collects about applicants is highly sensitive, with the firm’s own policies stating that it collects medical data, sex and race data, marital status, geolocation data, and data from many other categories.
It’s a move that Alan Woodward, a cybersecurity professor at the University of Surrey, said was a worry. “Once your data is within China it is subject to their laws and those are very different to those people in EU might be used to,” he told Business Insider.
“You have to be aware that China is an authoritarian regime and laws such as their Intelligence Act are very broad. If you’re dealing with any company that is ultimately controlled from China you need to keep an eye on where your data is being sent.”
Additionally, the company could not explain why its UK privacy policy said that TikTok UK was headquartered in China — which the company says is a mistake.
After it was approached by Business Insider, TikTok said it would no longer route applicants’ data through China.
The confusion has given fire to political critics of China who accuse major Chinese tech firms of being Trojan horses for the Chinese Communist Party.
Elected officials in the UK and US who have oversight in key areas of social media, and who have been watching the app’s rise in the last year, expressed concern to Business Insider.
“ByteDance [TikTok’s parent company] has argued that it’s not part of the Chinese Communist Party’s security network, but this undermines every statement they’ve made,” said Tom Tugendhat, chair of the UK Conservative Party’s China Research Group, and the House of Commons Foreign Affairs Committee.
“Their understanding of privacy and personal data is woeful and raises many questions about every other piece of data shared with them.”
US Senator Rick Scott, who introduced legislation to ban federal employees from using TikTok on government devices earlier this year, was also alarmed about Business Insider’s revelations.
“Senator Rick Scott has been warning for years that apps backed by our adversaries, including TikTok, pose huge risks to Americans’ personal privacy and national security,” said a spokesperson for the senator.
“It’s no secret that China regularly steals American research and technology, and tech companies like TikTok and Huawei are required by Chinese law to turn over data to the Chinese Communist Party. There is no reason Americans should subject themselves and their personal information to that risk.”
Damian Collins, the former chair of the House of Commons Digital, Culture, Media and Sport Committee, was equally worried.
“TikTok tried to obscure the fact that UK data from job applicants was being sent to China so that it could be published there,” he says. “The company should explain why it did this and what this data could be used for.
“There will be wider concerns from this as well about how much data TikTok collects from its users, where that is stored and who has access to it.”
Collins was scheduled to meet TikTok’s public affairs team on December 18, when he says he will be raising these concerns with company representatives.
There is no evidence that TikTok sends app users’ personal data to China, something its critics have long feared.
A spokesperson for the firm said on Wednesday: “To be crystal clear, TikTok does not have a headquarters, nor has it ever been headquartered in China. TikTok is not available in China. All TikTok user data is stored in the US and Singapore. We are also establishing a new data centre in Ireland by 2022, which will store UK and European user data.”